CVE-2014-1524 – Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)
https://notcve.org/view.php?id=CVE-2014-1524
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. La función nsXBLProtoImpl::InstallImplementation en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 no comprueba debidamente si objetos son objetos XBL, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de buffer) a través de código Java manipulado que accede a un objeto no XBL como si fuera un objeto XBL. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2014-1531 – Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44)
https://notcve.org/view.php?id=CVE-2014-1531
Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. Vulnerabilidad de uso después de liberación en la función nsGenericHTMLElement::GetWidthHeightForImage en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remotos ejecuatr código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores involucrando un objeto imgLoader que no se maneja debidamente durante una operación de dimensionamiento de imagen. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-416: Use After Free •
CVE-2014-1523 – Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)
https://notcve.org/view.php?id=CVE-2014-1523
Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. Desbordamiento de buffer basado en memoria dinámica en la función read_u32 en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango y caída de la aplicación) a través de un imagen JPEG manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVE-2014-1529 – Mozilla: Privilege escalation through Web Notification API (MFSA 2014-42)
https://notcve.org/view.php?id=CVE-2014-1529
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. La API Web Notification en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remotos evadir restricciones de componente de fuente y ejecutar código Java arbitrario en un contexto privilegiado a través de una página web manipulada para la cual se concede permiso Notification. • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132437.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00015.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00010.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00013.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00033.html http: • CWE-269: Improper Privilege Management •
CVE-2014-0181 – kernel: net: insufficient permision checks of netlink messages
https://notcve.org/view.php?id=CVE-2014-0181
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. La implementación Netlink en el kernel de Linux hasta 3.14.1 no proporciona un mecanismo para autorizar operaciones socket basadas en el abridor de un socket, lo que permite a usuarios locales evadir restricciones de acceso y modificar configuraciones de red mediante el uso de un socket Netlink para (1) stdout o (2) stderr de un programa setuid. It was found that the permission checks performed by the Linux kernel when a netlink message was received were not sufficient. A local, unprivileged user could potentially bypass these restrictions by passing a netlink socket as stdout or stderr to a more privileged process and altering the output of this process. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html http://marc.info/?l=linux-netdev&m=139828832919748&w=2 http://rhn.redhat.com/errata/RHSA-2014-1959.html http://www.open • CWE-264: Permissions, Privileges, and Access Controls •