CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2014-1574 – Mozilla: Miscellaneous memory safety hazards (rv:31.2) (MFSA 2014-74)
https://notcve.org/view.php?id=CVE-2014-1574
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 0CVE-2014-1578 – Mozilla: Out-of-bounds write with WebM video (MFSA 2014-77)
https://notcve.org/view.php?id=CVE-2014-1578
The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. La función get_tile en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacantes remotos causar una denegación de servicio (escritura fuera de rango y caída de aplicación) o posiblemente ejecutar código arbitrario a través de temas WebM con tamaños de 'tile' inválidos que se manejan indebidamente en operaciones de buffer durante la reproducción de vídeos. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 1CVE-2014-1575
https://notcve.org/view.php?id=CVE-2014-1575
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to improper interaction between threading and garbage collection in the GCRuntime::triggerGC function in js/src/jsgc.cpp, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 33.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores relacionados con la interacción indebida entre el hilo y la recolección de basura en la función GCRuntime::triggerGC en js/src/jsgc.cpp, y otros vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html http://secunia.com/advisories/62022 http://secunia.com/advisories/62023 http://www.mozilla.org/security/announce/2014/mfsa2014-74.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2014-1585
https://notcve.org/view.php?id=CVE-2014-1585
The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information from the local camera by maintaining a session after the user tries to discontinue streaming. La caracteristica de compartir vídeos WebRTC en dom/media/MediaManager.cpp en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 no reconoce debidamente las acciones Stop Sharing para los vídeos en los elementos IFRAME, lo que permite a atacantes remotos obtener información sensible de la camera local mediante el mantenimiento de una sesión después de que el usuario intente descontinuar el flujo. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-1580 – Firefox / MSIE Memory Disclosure Bugs
https://notcve.org/view.php?id=CVE-2014-1580
Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element. Mozilla Firefox anterior a 33.0 no inicializa debidamente la memoria para los imágenes GIF, lo que permite a atacantes remotos obtener información sensible de la memoria de procesos a través de una página web manipulada que provoca una secuencia de operaciones de renderización para datos GIF truncados dentro de un elemento CANVAS. Firefox versions prior to 33 leak bits of uninitialized memory when rendering certain types of truncated images onto canvas tags. Secondly, MSRC case #19611cz is a seemingly similar issue with Internet Explorer apparently using bits of uninitialized stack data when handling JPEG files with an oddball DHT. • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141085.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-11/msg00002.html http://secunia.com/advisories/62022 http://secunia.com/advisories/62023 http://www.mozilla.org/security/announce/2014/mfsa2014-78.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •