CVSS: 9.3EPSS: 6%CPEs: 20EXPL: 0CVE-2014-1555 – Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61)
https://notcve.org/view.php?id=CVE-2014-1555
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Vulnerabilidad de uso después de liberación en la función nsDocLoader::OnProgress en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan un evento FireOnStateChange. • http://linux.oracle.com/errata/ELSA-2014-0918.html http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60306 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 http://www.debian.org/security/2014/dsa-2986 http://www.debian.org/security/2014/dsa-2996 http://www.mozilla.org/security/announce/ • CWE-416: Use After Free •
CVSS: 10.0EPSS: 10%CPEs: 71EXPL: 0CVE-2014-1544 – nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)
https://notcve.org/view.php?id=CVE-2014-1544
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Vulnerabilidad de uso después de liberación en la función CERT_DestroyCertificate en libnss3.so en Mozilla Network Security Services (NSS) 3.x, utilizado en Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7, permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan cierta eliminación indebida de una estructura NSSCertificate de un dominio de confianza. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. • http://secunia.com/advisories/59591 http://secunia.com/advisories/59719 http://secunia.com/advisories/59760 http://secunia.com/advisories/60083 http://secunia.com/advisories/60486 http://secunia.com/advisories/60621 http://secunia.com/advisories/60628 http://www.debian.org/security/2014/dsa-2986 http://www.debian.org/security/2014/dsa-2996 http://www.mozilla.org/security/announce/2014/mfsa2014-63.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htm • CWE-416: Use After Free •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2014-1537
https://notcve.org/view.php?id=CVE-2014-1537
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función mozilla::dom::workers::WorkerPrivateParent en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html http://secunia.com/advisories/59052 http://secunia.com/advisories/59171 http://secunia.com/advisories/59229 http://secunia.com/advisories/59377 http:& •
CVSS: 9.3EPSS: 2%CPEs: 1EXPL: 0CVE-2014-1540
https://notcve.org/view.php?id=CVE-2014-1540
Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función nsEventListenerManager::CompileEventHandlerInternal en Event Listener Manager en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de contenido web manipulado. • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://secunia.com/advisories/59052 http://secunia.com/advisories/59171 http://secunia.com/advisories/59387 http://secunia.com/advisories/59486 http://secunia.com/advisories/59866 http://www.mozilla.org/security/announce/2014/mfsa2014-51.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/67978 •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2014-1536
https://notcve.org/view.php?id=CVE-2014-1536
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función PropertyProvider::FindJustificationRange en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html http://secunia.com/advisories/59052 http://secunia.com/advisories/59171 http://secunia.com/advisories/59229 http://secunia.com/advisories/59377 http:& •