Page 277 of 1901 results (0.051 seconds)

CVSS: 6.8EPSS: 3%CPEs: 249EXPL: 0

CVE-2015-0831 – Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)

https://notcve.org/view.php?id=CVE-2015-0831

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Vulnerabilidad de uso después de liberación en la función mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de contenidos manipulados que son manejados incorrectamente durante la creación del índice IndexedDB. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07 • CWE-416: Use After Free •

CVSS: 7.5EPSS: 93%CPEs: 2EXPL: 2

CVE-2014-8636 – Firefox Proxy Prototype Privileged Javascript Injection

https://notcve.org/view.php?id=CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. La implementación XrayWrapper en Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no interactua correctamente con un objeto DOM que tiene nombrado un getter nombrado, lo que podría permitir a atacantes remotos ejecutar código JavaScript arbitrario con privilegios chrome a través de vectores no especificados. • https://www.exploit-db.com/exploits/36480 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://packetstormsecurity.com/files/130972/Firefox-Proxy-Prototype-Privileged-Javascript-Injection.h • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 26%CPEs: 2EXPL: 0

CVE-2014-8635

https://notcve.org/view.php?id=CVE-2014-8635

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caida de la aplicación) o la posibilidad de ejecutar código arbitrario a través de vectores no conocidos • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-01/msg00071.html http://secunia.com/advisories/62242 http://secunia.com/advisories/62250 http://secunia.com/advisories/62253 http://secunia.com/advisories/62316 http://secunia.com/advisories/62418 http://secunia.com/advi •

CVSS: 5.0EPSS: 4%CPEs: 4EXPL: 0

CVE-2014-8640

https://notcve.org/view.php?id=CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. La función mozilla::dom::AudioParamTimeline::AudioNodeInputValue en la implementación de API Web Audio en Mozilla Firefox anterior a 35.0 y SeaMonkey anterior a 2.32 no restringe correctamente las operaciones de líneas de tiempos, lo que permite a atacantes remotos causar una denegación de servicio (lectura de memoria no inicializada y caída de la aplicación) via crafted API calls. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://secunia.com/advisories/62242 http://secunia.com/advisories/62250 http://secunia.com/advisories/62418 http://secunia.com • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

CVE-2014-8643

https://notcve.org/view.php?id=CVE-2014-8643

Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process. Mozilla Firefox anterior a 35.0 en Windows permite a atacantes remotos evadir el mecanismo de protección sandbox del Gecko Media Plugin (GMP) mediante el aprovechamiento del acceso al proceso GMP, tal y como fue demostrado por el proceso del plugin OpenH264. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00002.html http://secunia.com/advisories/62253 http://secunia.com/advisories/62446 http://www.mozilla.org/security/announce/2014/mfsa2015-07.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/72043 http://www.securitytracker.com/id/1031533 https://bugzilla.mozilla.org/show_bug.cgi?id=1117140&# • CWE-264: Permissions, Privileges, and Access Controls •