
CVSS: 4.3 • EPSS: 0% • CPEs: 3 • EXPL: 0

Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.

• http://www.mozilla.org/security/announce/2014/mfsa2014-71.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/69522
• http://www.securitytracker.com/id/1030792
• https://bugzilla.mozilla.org/show_bug.cgi?id=1050690
• https://security.gentoo.org/glsa/201504-01

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 • EPSS: 6% • CPEs: 26 • EXPL: 0

Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00012.html
• http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
• http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.0 • EPSS: 0% • CPEs: 5 • EXPL: 0

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls.

• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
• http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
• http://secunia.com/advisories/60148
• http://secunia.com/advisories/61114
• http://www.mozilla.org/security/announce/2014/mfsa2014-70.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 4.3 • EPSS: 2% • CPEs: 8 • EXPL: 1

Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.

• https://www.exploit-db.com/exploits/39295
• http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html
• http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html
• http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
• http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
• http://packetstormsecurity.com/files/128132/Mozilla-Firefox-Secret-Leak.html
• http://seclists.org/fulldisclosure/2014/Sep/18
• http://secunia.com/advisories/60148
• http:/&#

CWE-824: Access of Uninitialized Pointer

CVSS: 10.0 • EPSS: 6% • CPEs: 3 • EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

• http://lists.opensuse.org/opensuse-updates/2014-09/msg00011.html
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html
• http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html
• http://secunia.com/advisories/62022
• http://secunia.com/advisories/62023
• http://www.mozilla.org/security/announce/2014/mfsa2014-67.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/69526
• http://www.securitytracker.com/id/1030793
• http

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer