CVSS: 7.5EPSS: 28%CPEs: 1EXPL: 0CVE-2014-1543
https://notcve.org/view.php?id=CVE-2014-1543
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device. Múltiples desbordamientos de buffer basado en memoria dinámica en la función navigator.getGamepads en la API Gamepad en Mozilla Firefox anterior a 30.0 permiten a atacantes remotos ejecutar código arbitrario mediante el uso de axes no contiguos con un dispositivo de Gamepad (1) físico o (2) virtual. • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://secunia.com/advisories/59171 http://secunia.com/advisories/59387 http://secunia.com/advisories/59486 http://secunia.com/advisories/59866 http://www.mozilla.org/security/announce/2014/mfsa2014-54.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/67969 http://www.securitytracker.com/id/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1539
https://notcve.org/view.php?id=CVE-2014-1539
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. Mozilla Firefox anterior a 30.0 y Thunderbird hasta 24.6 en OS X no aseguran la visibilidad del cursor después de una interacción con un objeto Flash y un elemento DIV, lo que facilita a atacantes remotos realizar ataques de clickjacking a través de código JavaScript que produce un imagen del cursor falso. • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://secunia.com/advisories/59171 http://secunia.com/advisories/59387 http://secunia.com/advisories/59486 http://www.mozilla.org/security/announce/2014/mfsa2014-50.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/67967 http://www.securitytracker.com/id/1030388 https://bugzilla.mozilla.org/s • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0CVE-2014-1534
https://notcve.org/view.php?id=CVE-2014-1534
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 30.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html http://secunia.com/advisories/59052 http://secunia.com/advisories/59171 http://secunia.com/advisories/59229 http://secunia.com/advisories/59377 http:& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2014-1536
https://notcve.org/view.php?id=CVE-2014-1536
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función PropertyProvider::FindJustificationRange en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html http://secunia.com/advisories/59052 http://secunia.com/advisories/59171 http://secunia.com/advisories/59229 http://secunia.com/advisories/59377 http:& •
CVSS: 10.0EPSS: 8%CPEs: 1EXPL: 0CVE-2014-1537
https://notcve.org/view.php?id=CVE-2014-1537
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función mozilla::dom::workers::WorkerPrivateParent en Mozilla Firefox anterior a 30.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2014-06/msg00023.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://lists.opensuse.org/opensuse-updates/2014-07/msg00004.html http://secunia.com/advisories/59052 http://secunia.com/advisories/59171 http://secunia.com/advisories/59229 http://secunia.com/advisories/59377 http:& •