CVSS: 9.8EPSS: 42%CPEs: 233EXPL: 0CVE-2014-1568 – nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
https://notcve.org/view.php?id=CVE-2014-1568
25 Sep 2014 — Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof ... • http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1539 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1539
11 Jun 2014 — Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. Mozilla Firefox anterior a 30.0 y Thunderbird hasta 24.6 en OS X no aseguran la visibilidad del cursor después de una interacción con un objeto Flash y un elemento DIV, lo que facilita a atacantes remotos realizar ataques... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1729
https://notcve.org/view.php?id=CVE-2013-1729
18 Sep 2013 — The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. La implementación WebGL en Mozilla Firefox (anteriores a 24.0), cuando se utilizan los drivers gráficos NVIDIA en Mac OS X, permite a atacantes remotos obtener capturas de pantalla del escritorio leyendo de un elemento CANVAS. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 28EXPL: 1CVE-2012-5830 – Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)
https://notcve.org/view.php?id=CVE-2012-5830
21 Nov 2012 — Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. Vulnerabilidad de uso después de liberación en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17.0, Thunderbird ESR 10.x antes de 10.0.11, y SeaMonkey antes de 2.14 en Mac OS X permite a atacantes remotos e... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 123EXPL: 0CVE-2012-0450
https://notcve.org/view.php?id=CVE-2012-0450
01 Feb 2012 — Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. Mozilla Firefox 4.x hasta la versión 9.0 y SeaMonkey anteriores a la 2.7 en Linux y Mac OS X establecen permisos débiles para Firefox Recovery Key.html, lo que puede permitir a usuarios locales leer una clave Firefox Sync a través de un operación del sistema de archivos estándar. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 326EXPL: 0CVE-2011-3664
https://notcve.org/view.php?id=CVE-2011-3664
21 Dec 2011 — Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site. Mozilla Firefox antes de v9.0, Thunderbird antes de v9.0, y SeaMonkey antes de v2.6 en Mac OS X, no maneja apropiadamente algunos supresiones de marcos DOM por los complementos, lo ... • http://secunia.com/advisories/47302 •
CVSS: 8.1EPSS: 0%CPEs: 226EXPL: 0CVE-2011-3666
https://notcve.org/view.php?id=CVE-2011-3666
21 Dec 2011 — Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X. Mozilla Firefox antes de v3.6.25 y Thunderbird antes de v3.1.17 en Mac OS X no consideran los archivos .jar como ejecutables, lo que permite a atacantes remotos asistidos por el usurio evitar las... • http://www.mozilla.org/security/announce/2011/mfsa2011-59.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 222EXPL: 0CVE-2011-3653
https://notcve.org/view.php?id=CVE-2011-3653
09 Nov 2011 — Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. Mozilla Firefox en versiones anteriores a la 8.0 y Thunderbird anteriores a la 8.0 en Mac OS X no interactúan apropiadamente con el comportamiento de memoria GPU de determinados controladores de GPUs integradas Intel, lo qu... • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 167EXPL: 0CVE-2011-0076
https://notcve.org/view.php?id=CVE-2011-0076
07 May 2011 — Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors. Vulnerabilidad no especificada en el Java Embedding Plugin (JEP) en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, en Mac OS X permite a atacantes remotos evitar las restricciones de acceso a través de vectores desconoc... • http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 •
CVSS: 9.3EPSS: 3%CPEs: 229EXPL: 0CVE-2010-2770
https://notcve.org/view.php?id=CVE-2010-2770
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 en Mac OS X permite a atacantes remotos provocar una de... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •