CVE-2014-1531 – Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44)
https://notcve.org/view.php?id=CVE-2014-1531
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. Vulnerabilidad de uso después de liberación en la función nsGenericHTMLElement::GetWidthHeightForImage en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remotos ejecuatr código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores involucrando un objeto imgLoader que no se maneja debidamente durante una operación de dimensionamiento de imagen. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-416: Use After Free •
CVE-2014-1523 – Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)
https://notcve.org/view.php?id=CVE-2014-1523
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. Desbordamiento de buffer basado en memoria dinámica en la función read_u32 en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de la aplicación) a través de un imagen JPEG manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2014-1529 – Mozilla: Privilege escalation through Web Notification API (MFSA 2014-42)
https://notcve.org/view.php?id=CVE-2014-1529
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. La API Web Notification en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remotos evadir restricciones de componente de fuente y ejecutar código Java arbitrario en un contexto privilegiado a través de una página web manipulada para la cual se concede permiso Notification. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-269: Improper Privilege Management •
CVE-2014-1514 – Mozilla Firefox TypedArrayObject Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1514
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. vmtypedarrayobject.cpp en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 no valida la longitud del array de destino antes de una operación de copiar, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (escritura fuera de rango y caída de aplicación) mediante el aprovechamiento del uso incorrecto de la clase TypedArrayObject. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArrayObjects. The issue lies in improper handling when neutering an array. An attacker can leverage this vulnerability to execute code under the context of the current process. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-787: Out-of-bounds Write •
CVE-2014-1508 – Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)
https://notcve.org/view.php?id=CVE-2014-1508
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. La función libxul.so!gfxContext::Polygon en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos obtener información sensible de la memoria de procesos, causar una denegación de servicio (lectura fuera de rango y caída de aplicación), o posiblemente evadir Same Origin Policy a través de vectores involucrando la renderización de polígono MathML. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-125: Out-of-bounds Read •