Page 145 of 1165 results (0.017 seconds)

CVSS: 9.8EPSS: 2%CPEs: 28EXPL: 1

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. Vulnerabilidad de liberación despues de uso en la función nsEventListenerManager :: HandleEventSubType en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x anterior a 24.2, Thunderbird antes de 24.2, y SeaMonkey anterior a 2.23 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio ( corrupción de memoria heap) a través de vectores relacionados con los detectores de eventos mListeners. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013 • CWE-416: Use After Free •

CVSS: 10.0EPSS: 3%CPEs: 28EXPL: 1

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. L función nsGfxScrollFrameInner::IsLTR en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x anteriores a 24.2, Thunderbird anteriores a 24.2, y SeaMonkey anteriores a 2.23 permite a atacantes remotos ejecutar código de forma arbitraria a través del uso de código JavaScript manipulado para listas ordenadas de elementos. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 2

Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. Vulnerabilidad de liberación despues de uso en la función PresShell :: DispatchSynthMouseMove en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x antes 24.2, Thunderbird antes de 24.2, y SeaMonkey anterior a 2.23 que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria heap) a través de vectores relacionados con el movimiento del ratón sintética, con la función RestyleManager :: GetHoverGeneration. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013 • CWE-416: Use After Free •

CVSS: 5.0EPSS: 0%CPEs: 21EXPL: 0

The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. La función get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versión 1.3.0, tal y como se usa en Google Chrome anterior a la versión 31.0.1650.48, Ghostscript y otros productos, no comprueba ciertas duplicaciones de datos de componentes durante la lectura de segmentos que siguen marcadores Start Of Scan (SOS), lo que permite a atacantes remotos obtener información sensible desde localizaciones de memoria sin inicializar a través de una imagen JPEG manipulada. • http://advisories.mageia.org/MGASA-2013-0333.html http://archives.neohapsis.com/archives/fulldisclosure/2013-11/0080.html http://bugs.ghostscript.com/show_bug.cgi?id=686980 http://googlechromereleases.blogspot.com/2013/11/stable-channel-update.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •

CVSS: 6.8EPSS: 7%CPEs: 129EXPL: 0

The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. La implementación del ciclo de recolección (CC) en Mozilla Firefox anterior a 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird anterior a 24.1 y SeaMonkey anterior a 2.22 no determina correctamente el hilo para la libración de un objeto imagen, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (condición de carrera y caída de aplicación) a través de un documento HTML que contiene grandes elementos IMG, como lo demuestra lNever-Ending Reddit en reddit.com. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html http://www.mozilla.org/security/announce/2013/mfsa2013-97.html https://bugzilla.mozilla.org/show_bug.cgi?id=910881 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19066 https://security.gentoo.org/glsa/201504-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •