CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2014-1530 – Mozilla: Cross-site scripting (XSS) using history navigations (MFSA 2014-43)
https://notcve.org/view.php?id=CVE-2014-1530
29 Apr 2014 — The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. La implementación docshell en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remo... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 27EXPL: 1CVE-2014-1531 – Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44)
https://notcve.org/view.php?id=CVE-2014-1531
29 Apr 2014 — Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. Vulnerabilidad de uso después de liberación en la función nsGenericHTMLElement::GetWidthHeightForIma... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 6%CPEs: 27EXPL: 1CVE-2014-1524 – Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)
https://notcve.org/view.php?id=CVE-2014-1524
29 Apr 2014 — The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. La función nsXBLProtoImpl::InstallImplementation en Mozilla Firefox anterior a 29.0, Firefox ESR 24.... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 3CVE-2014-1519 – Ubuntu Security Notice USN-2185-1
https://notcve.org/view.php?id=CVE-2014-1519
29 Apr 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegador en Mozilla Firefox anterior a 29.0 y SeaMonkey anterior a 2.26 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o pos... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-1523 – Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)
https://notcve.org/view.php?id=CVE-2014-1523
29 Apr 2014 — Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. Desbordamiento de buffer basado en memoria dinámica en la función read_u32 en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remo... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 2CVE-2014-1516 – Firefox for Android Information Leak
https://notcve.org/view.php?id=CVE-2014-1516
26 Mar 2014 — The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it easier for attackers to bypass a profile-randomization protection mechanism via a crafted application. La función saltProfileName en base/GeckoProfileDirectories.java en Mozilla Firefox hasta 28.0.1 en Android depende del acercamiento débil de Android para crear la semilla de la función Math.random, lo que facilit... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1515 – Firefox for Android Information Leak
https://notcve.org/view.php?id=CVE-2014-1515
25 Mar 2014 — Mozilla Firefox before 28.0.1 on Android processes a file: URL by copying a local file onto the SD card, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. Mozilla Firefox anterior a 28.0.1 en Android procesa un archivo: URL copiando un archivo local a la tarjeta SD, lo que permite a atacantes obtener información sensible del directorio de perfil de Firefox a través de una aplicación manipulada. A series of vulnerabilities have been discovere... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 223EXPL: 0CVE-2014-1501
https://notcve.org/view.php?id=CVE-2014-1501
19 Mar 2014 — Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Mozilla Firefox anterior a 28.0 en Android permite a atacantes remotos evadir Same Origin Policy y acceder a archivos arbitrarios: URLs a través de vectores que involucran la selección de menú "Abrir enlace en una pestaña nueva". • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2014-1496 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1496
19 Mar 2014 — Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 podría permitir a usuarios locales ganar privilegios mediante la modificación de los contenidos Mar extraídos durante una actualización. Multiple vulnerabilities have been found ... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-269: Improper Privilege Management •
CVSS: 6.4EPSS: 2%CPEs: 219EXPL: 0CVE-2014-1506 – Firefox for Android Information Leak
https://notcve.org/view.php?id=CVE-2014-1506
19 Mar 2014 — Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter arguments. Vulnerabilidad de salto de directorio en Android Crash Reporter en Mozilla Firefox anterior a 28.0 en Android permite a atacantes provocar la transmisión de archivos locales a servidores arbitrarios, o c... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0153.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •