Page 277 of 1524 results (0.013 seconds)

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-8643

https://notcve.org/view.php?id=CVE-2014-8643

Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process. Mozilla Firefox anterior a 35.0 en Windows permite a atacantes remotos evadir el mecanismo de protección sandbox del Gecko Media Plugin (GMP) mediante el aprovechamiento del acceso al proceso GMP, tal y como fue demostrado por el proceso del plugin OpenH264. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://secunia.com/advisories/62253 http://secunia.com/advisories/62446 http://www.mozilla.org/security/announce/2014/mfsa2015-07.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72043 http://www.securitytracker.com/id/1031533 https://bugzilla.mozilla.org/show_bug.cgi?id=1117140&# • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-8642

https://notcve.org/view.php?id=CVE-2014-8642

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no consideran la extensión id-pkix-ocsp-nocheck cuando deciden si confían de un contestador OCSP, lo que facilita a atacantes remotos obtener información sensible mediante la lectura de la red durante una sesión en la cual hubo una decisión incorrecta para aceptar un certificado comprometido y revocado. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://secunia.com/advisories/62242 http://secunia.com/advisories/62250 http://secunia.com/advisories/62253 http://secunia.com/advisories/62316 http://secunia.com/advisories/62418 http://secunia.com/advisories/62446 http://secunia.com/advisories/62790 http://www.mozilla.org/security/announce/2014/mfsa2015-08.html http://www.oracle.com • CWE-310: Cryptographic Issues •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

CVE-2014-8637

https://notcve.org/view.php?id=CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no inicializan la memeoria correctamente para las imágenes BMP, lo que permite a atacantes remotos obtener información sensible de los procesos de la memoria a través de una página web manipulada que provoca el renderización de datos BMP malformados dentro de un elemento CANVAS. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://secunia.com/advisories/62242 http://secunia.com/advisories/62250 http://secunia.com/advisories/62253 http://secunia.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 9%CPEs: 7EXPL: 0

CVE-2014-8641 – Mozilla: Read-after-free in WebRTC (MFSA 2015-06)

https://notcve.org/view.php?id=CVE-2014-8641

Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. Vulnerabilidad de uso después de liberación en la implementación WebRTC en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, y SeaMonkey anterior a 2.32 permite a atacantes remotos ejecutar código arbitrario a través de datos track manipulados. • http://linux.oracle.com/errata/ELSA-2015-0046.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://rhn.redhat.com/errata/RHSA-2015-0046.html http://secunia.com/ad • CWE-416: Use After Free •

CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0

CVE-2014-8634 – Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)

https://notcve.org/view.php?id=CVE-2014-8634

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 35.0, Firefox ESR 31.x anterior a 31.4, Thunderbird anterior a 31.4, y SeaMonkey anterior a 2.32 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://linux.oracle.com/errata/ELSA-2015-0046.html http://linux.oracle.com/errata/ELSA-2015-0047.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://lists.opensuse • CWE-122: Heap-based Buffer Overflow •