CVSS: 9.8EPSS: 43%CPEs: 26EXPL: 3CVE-2014-1511 – Mozilla Firefox Pop-Up Blocker Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2014-1511
18 Mar 2014 — Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permiten a atacantes remotos evadir el bloqueo de ventanas emergentes a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installatio... • https://packetstorm.news/files/id/128022 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1494 – Ubuntu Security Notice USN-2150-1
https://notcve.org/view.php?id=CVE-2014-1494
18 Mar 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o po... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html •
CVSS: 8.8EPSS: 1%CPEs: 24EXPL: 1CVE-2014-1509 – Mozilla: Memory corruption in Cairo during PDF font rendering (MFSA 2014-27)
https://notcve.org/view.php?id=CVE-2014-1509
18 Mar 2014 — Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. Desbordamiento de buffer en la función _cairo_truetype_index_to_ucs4 en cairo, utilizado en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterio... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 48%CPEs: 26EXPL: 1CVE-2014-1512 – Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1512
18 Mar 2014 — Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. Vulnerabilidad de uso después de liberación en la clase TypeObject en el motor JavaScript en Mozilla Firefox anterior a 28.0, Fire... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2013-6167 – Mozilla Firefox - Cookie Verification Denial of Service
https://notcve.org/view.php?id=CVE-2013-6167
15 Feb 2014 — Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. Mozilla Firefox hasta 27 envía cabeceras HTTP Cookie sin antes validar que tiene las restricciones character-set necesarias, lo que permite a atacantes remotos realizar el equivalent... • https://www.exploit-db.com/exploits/38798 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2014-1491 – nss: Do not allow p-1 as a public DH value (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1491
06 Feb 2014 — Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a ... • http://hg.mozilla.org/projects/nss/rev/12c42006aed8 • CWE-326: Inadequate Encryption Strength CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0CVE-2014-1488 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1488
06 Feb 2014 — The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. La implementación Web Workers en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una terminación de un proceso worker que h... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html •
CVSS: 8.1EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1480 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1480
06 Feb 2014 — The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. La implementación de descarga de archivos en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 no restringe debidamente el tiempo de las selecciones de botón, lo que permite a atacantes remotos llevar a cabo at... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 1%CPEs: 225EXPL: 0CVE-2014-1489 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1489
06 Feb 2014 — Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Mozilla Firefox anterior a 27.0 no restringe debidamente el acceso a botones about:home por script en otras páginas, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (restablecimiento de sesión) a través de un sitio web manipulado. Christian Hol... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2014-1483 – Ubuntu Security Notice USN-2102-2
https://notcve.org/view.php?id=CVE-2014-1483
06 Feb 2014 — Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir Same Origin Policy y obtener información sensible usando un elemento IFRAME en conjunción con ciertas medidas d... • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •