CVSS: 9.8EPSS: 3%CPEs: 27EXPL: 1CVE-2014-1532 – Mozilla: Use-after-free in nsHostResolver (MFSA 2014-46)
https://notcve.org/view.php?id=CVE-2014-1532
29 Apr 2014 — Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. Vulnerabilidad de uso después de liberación en la función nsHostResolver::ConditionallyRefreshRecord en libxul.so en Mozilla Firefox anterior a 29.0, Fire... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 27EXPL: 9CVE-2014-1518 – Mozilla: Miscellaneous memory safety hazards (rv:24.5) (MFSA 2014-34)
https://notcve.org/view.php?id=CVE-2014-1518
29 Apr 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegador en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-1523 – Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)
https://notcve.org/view.php?id=CVE-2014-1523
29 Apr 2014 — Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. Desbordamiento de buffer basado en memoria dinámica en la función read_u32 en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remo... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 6%CPEs: 27EXPL: 1CVE-2014-1524 – Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)
https://notcve.org/view.php?id=CVE-2014-1524
29 Apr 2014 — The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. La función nsXBLProtoImpl::InstallImplementation en Mozilla Firefox anterior a 29.0, Firefox ESR 24.... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 1%CPEs: 26EXPL: 7CVE-2014-1493 – Mozilla: Miscellaneous memory safety hazards (rv:24.4) (MFSA 2014-15)
https://notcve.org/view.php?id=CVE-2014-1493
18 Mar 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1494 – Ubuntu Security Notice USN-2150-1
https://notcve.org/view.php?id=CVE-2014-1494
18 Mar 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o po... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html •
CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 1CVE-2014-1497 – Mozilla: Out of bounds read during WAV file decoding (MFSA 2014-17)
https://notcve.org/view.php?id=CVE-2014-1497
18 Mar 2014 — The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. La función mozilla::WaveReader::DecodeAudioData en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird a... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1498 – Ubuntu Security Notice USN-2150-1
https://notcve.org/view.php?id=CVE-2014-1498
18 Mar 2014 — The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. El método crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una ... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-1499 – Ubuntu Security Notice USN-2150-1
https://notcve.org/view.php?id=CVE-2014-1499
18 Mar 2014 — Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos falsificar el nombre del dominio en la solicitud de permisos de (1) cámara o (2) micrófono en WebRTC provocando navegación en cierto momento durante la generación de esta petición. Be... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 0CVE-2014-1500 – Ubuntu Security Notice USN-2150-1
https://notcve.org/view.php?id=CVE-2014-1500
18 Mar 2014 — Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos causar una denegación de servicio (consumo de recursos y cuelgue de aplicación) a través de eventos onBeforeUnload que provocan la ejecución de JavaScript en segundo plano. Benoit Jacob, Olli Pettay, J... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-400: Uncontrolled Resource Consumption •