CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-1589
https://notcve.org/view.php?id=CVE-2014-1589
Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding. Mozilla Firefox anterior a 34.0 y SeaMonkey anterior a 2.31 proporcionan hojas de estilo con un espacio de nombre primario incorrecto, lo que permite a atacantes remotos evadir las restricciones de acceso a través de una vinculación XBL. • http://www.mozilla.org/security/announce/2014/mfsa2014-84.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=1043787 https://security.gentoo.org/glsa/201504-01 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 3%CPEs: 4EXPL: 0CVE-2014-1590 – Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
https://notcve.org/view.php?id=CVE-2014-1590
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. El método de enviar prototipo XMLHttpRequest.en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un objeto JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-85.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71397 https://bugzilla.mozilla.org/show_bug.cgi?id=1087633 https://security& • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 6%CPEs: 4EXPL: 0CVE-2014-1592 – Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)
https://notcve.org/view.php?id=CVE-2014-1592
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Vulnerabilidad de uso después de liberación en la función nsHtml5TreeOperation en xul.dll en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos ejecutar código arbitrario mediante la adición de un segundo elemento root a un documento HTML5 durante el análisis sintáctico. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-87.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71398 https://bugzilla.mozilla.org/show_bug.cgi?id=1088635 https://security& • CWE-416: Use After Free •
CVSS: 6.8EPSS: 11%CPEs: 4EXPL: 0CVE-2014-1593 – Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)
https://notcve.org/view.php?id=CVE-2014-1593
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Desbordamiento de buffer basado en pila en la función mozilla::FileBlockCache::Read en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos ejecutar código arbitrario a través de contenidos de medios manipulados. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-88.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71395 https://bugzilla.mozilla.org/show_bug.cgi?id=1085175 https://security& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 5%CPEs: 4EXPL: 0CVE-2014-1594 – Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)
https://notcve.org/view.php?id=CVE-2014-1594
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de una conversión de datos incorrecta del tipo BasicThebesLayer al tipo BasicContainerLayer. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://www.debian.org/security/2014/dsa-3090 http://www.debian.org/security/2014/dsa-3092 http://www.mozilla.org/security/announce/2014/mfsa2014-89.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/71396 https://bugzilla.mozilla.org/show_bug.cgi?id=1074280 https://security& • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function •