Page 295 of 2504 results (0.020 seconds)

CVSS: 8.8EPSS: 2%CPEs: 26EXPL: 1

CVE-2014-1497 – Mozilla: Out of bounds read during WAV file decoding (MFSA 2014-17)

https://notcve.org/view.php?id=CVE-2014-1497

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. La función mozilla::WaveReader::DecodeAudioData en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos obtener información sensible de memoria dinámica de procesos, causar una denegación de servicio (lectura fuera de rango y caída de aplicación), o posiblemente tener otro impacto no especificado a través de un archivo WAV manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-125: Out-of-bounds Read •

CVSS: 5.0EPSS: 2%CPEs: 10EXPL: 0

CVE-2014-1498

https://notcve.org/view.php?id=CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. El método crypto.generateCRMFRequest en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no valida debidamente cierto tipo de clave, lo que permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de vectores que provocan la generación de una clave que soporta el algoritmo Elliptic Curve ec-dual-use. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-18.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=935618 https://s • CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-1499

https://notcve.org/view.php?id=CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos falsificar el nombre del dominio en la solicitud de permisos de (1) cámara o (2) micrófono en WebRTC provocando navegación en cierto momento durante la generación de esta petición. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-19.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=961512 https://s •

CVSS: 5.0EPSS: 3%CPEs: 10EXPL: 0

CVE-2014-1500

https://notcve.org/view.php?id=CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos causar una denegación de servicio (consumo de recursos y cuelgue de aplicación) a través de eventos onBeforeUnload que provocan la ejecución de JavaScript en segundo plano. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-20.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=956524 https://s • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-1502

https://notcve.org/view.php?id=CVE-2014-1502

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. Las funciones (1) WebGL.compressedTexImage2D y (2) WebGL.compressedTexSubImage2D en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos evadir Same Origin Policy y renderizar contenido en un dominio diferente a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-22.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=972622 https://s • CWE-346: Origin Validation Error •