CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2014-8638 – Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03)
https://notcve.org/view.php?id=CVE-2014-8638
14 Jan 2015 — The navigator.sendBeacon implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 omits the CORS Origin header, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site. La implementación navigator.sendBeacon en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior a 2.32 omite la ... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 8EXPL: 0CVE-2014-8639 – Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
https://notcve.org/view.php?id=CVE-2014-8639
14 Jan 2015 — Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 (aka Proxy Authentication Required) status code, which allows remote HTTP proxy servers to conduct session fixation attacks by providing a cookie name that corresponds to the session cookie of the origin server. Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey ante... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8632 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-8632
11 Dec 2014 — The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal. La implementación structured-clone en Mozilla Firefox anterior a 34.0 y SeaMonkey anterior a 2.31 no interactúa correctamente con el filtrado de los propiedades de XrayWrapper, lo que permite a atacantes remotos evadir ... • http://www.mozilla.org/security/announce/2014/mfsa2014-91.html • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8631 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-8631
11 Dec 2014 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a 34.0 y SeaMonkey anterior a 2.31 soporta el pasaje de la interfaz nativa, lo que permite a atacantes remotos evadir las restricciones de los objetos DOM a través de una llamada a un métod... • http://www.mozilla.org/security/announce/2014/mfsa2014-91.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1594 – Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)
https://notcve.org/view.php?id=CVE-2014-1594
02 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de una conversión de datos ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1592 – Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)
https://notcve.org/view.php?id=CVE-2014-1592
02 Dec 2014 — Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Vulnerabilidad de uso después de liberación en la función nsHtml5TreeOperation en xul.dll en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey an... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-416: Use After Free •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1591 – Ubuntu Security Notice USN-2424-1
https://notcve.org/view.php?id=CVE-2014-1591
02 Dec 2014 — Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect. Mozilla Firefox 33.0 y SeaMonkey anterior a 2.31 incluyen cadenas de rutas en informes de violaciones CSP, lo que permite a atacantes remotos obtener información sensible a través de un sitio web que recibe un informe después de una redirección. Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderm... • http://www.mozilla.org/security/announce/2014/mfsa2014-86.html • CWE-199: Information Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1587 – Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83)
https://notcve.org/view.php?id=CVE-2014-1587
02 Dec 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2014-1593 – Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)
https://notcve.org/view.php?id=CVE-2014-1593
02 Dec 2014 — Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Desbordamiento de buffer basado en pila en la función mozilla::FileBlockCache::Read en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos ejecutar ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2014-1588 – Ubuntu Security Notice USN-2424-1
https://notcve.org/view.php?id=CVE-2014-1588
02 Dec 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 34.0 y SeaMonkey anterior a 2.31 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o... • http://www.mozilla.org/security/announce/2014/mfsa2014-83.html •