CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-1542 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1542
11 Jun 2014 — Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. Desbordamiento de buffer en Speex Resampler en el subsystema Web Audio en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con una tasa manipulada de cuenta y muestreo de canales AudioBuffer. Gary Kwong, Christoph Die... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 0CVE-2014-1534 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1534
11 Jun 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 30.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vect... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2014-1537 – Ubuntu Security Notice USN-2243-1
https://notcve.org/view.php?id=CVE-2014-1537
11 Jun 2014 — Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función mozilla::dom::workers::WorkerPrivateParent en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a tr... • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1539 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1539
11 Jun 2014 — Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. Mozilla Firefox anterior a 30.0 y Thunderbird hasta 24.6 en OS X no aseguran la visibilidad del cursor después de una interacción con un objeto Flash y un elemento DIV, lo que facilita a atacantes remotos realizar ataques... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 28%CPEs: 1EXPL: 0CVE-2014-1543 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1543
11 Jun 2014 — Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device. Múltiples desbordamientos de buffer basado en memoria dinámica en la función navigator.getGamepads en la API Gamepad en Mozilla Firefox anterior a 30.0 permiten a atacantes remotos ejecutar código arbitrario mediante el uso de axes no contiguos con un dispos... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 18EXPL: 0CVE-2014-1541 – Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52)
https://notcve.org/view.php?id=CVE-2014-1541
11 Jun 2014 — Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función RefreshDriverTimer::TickDriver en SMIL Animation Controller en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 8%CPEs: 18EXPL: 0CVE-2014-1538 – Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
https://notcve.org/view.php?id=CVE-2014-1538
11 Jun 2014 — Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::CreateMozBR en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecu... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 10EXPL: 0CVE-2014-1533 – Mozilla: Miscellaneous memory safety hazards (rv:24.6) (MFSA 2014-48)
https://notcve.org/view.php?id=CVE-2014-1533
11 Jun 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permiten a atacantes remotos causar una dene... • http://linux.oracle.com/errata/ELSA-2014-0741.html •
CVSS: 6.5EPSS: 0%CPEs: 221EXPL: 0CVE-2014-1527
https://notcve.org/view.php?id=CVE-2014-1527
30 Apr 2014 — Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen. Mozilla Firefox anterior a 29.0 en Android permite a atacantes remotos falsificar la barra de direcciones a través de código Java manipulado que utiliza eventos DOM para prevenir la reaparición de la barra de direcciones verdadera después de que desplazamiento lo ha sacado ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 2CVE-2014-1520 – Mozilla Arbitrary Code Execution / Privilege Escalation
https://notcve.org/view.php?id=CVE-2014-1520
30 Apr 2014 — maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process. maintenservice_installer.exe en Maintenance Service Installer en Mozilla Firefox anterior a 29.0 y Firefox ESR 24.x anterior a 24.5 en Windows permite a usuarios locales ganar privilegios mediante la colocación de un archivo... • https://packetstorm.news/files/id/137482 • CWE-269: Improper Privilege Management •