CVSS: 9.8EPSS: 3%CPEs: 26EXPL: 1CVE-2014-1514 – Mozilla Firefox TypedArrayObject Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1514
18 Mar 2014 — vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. vmtypedarrayobject.cpp en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird ante... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 11CVE-2014-1477 – Mozilla: Miscellaneous memory safety hazards (rv:24.3) (MFSA 2014-01)
https://notcve.org/view.php?id=CVE-2014-1477
04 Feb 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1479 – Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)
https://notcve.org/view.php?id=CVE-2014-1479
04 Feb 2014 — The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. La implementación System Only Wrapper (SOW) en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene ciertas ... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1481 – Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)
https://notcve.org/view.php?id=CVE-2014-1481
04 Feb 2014 — Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir restricciones en objetos de ventana mediante el aprovechamiento de la inconsiste... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 9.3EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1482 – Mozilla: Incorrect use of discarded images by RasterImage (MFSA 2014-04)
https://notcve.org/view.php?id=CVE-2014-1482
04 Feb 2014 — RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. RasterImage.cpp en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene el acceso a datos... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 1CVE-2014-1487 – Mozilla: Cross-origin information leak through web workers (MFSA 2014-09)
https://notcve.org/view.php?id=CVE-2014-1487
04 Feb 2014 — The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. La implementación de Web workers en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permite a atacantes remotos evadir Same Origin Policy y obtener in... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 4%CPEs: 28EXPL: 1CVE-2013-6671 – Mozilla: Segmentation violation when replacing ordered list elements (MFSA 2013-111)
https://notcve.org/view.php?id=CVE-2013-6671
11 Dec 2013 — The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. L función nsGfxScrollFrameInner::IsLTR en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x anteriores a 24.2, Thunderbird anteriores a 24.2, y SeaMonkey anteriores a 2.23 permite a atacantes remotos ejecutar código de forma arbitraria a través ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 2%CPEs: 28EXPL: 4CVE-2013-5609 – Mozilla: Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104)
https://notcve.org/view.php?id=CVE-2013-5609
11 Dec 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox anterior a la versión 26.0, Firefox ESR 24.x anterior a 24.2, Thunderbird anterior a la versión 24.2, y S... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html •
CVSS: 10.0EPSS: 6%CPEs: 28EXPL: 2CVE-2013-5613 – Mozilla: Use-after-free in synthetic mouse movement (MFSA 2013-114)
https://notcve.org/view.php?id=CVE-2013-5613
11 Dec 2013 — Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. Vulnerabilidad de liberación despues de uso en la función PresShell :: DispatchSynthMouseMove en Mozilla Fir... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 28EXPL: 1CVE-2013-5616 – Mozilla: Use-after-free in event listeners (MFSA 2013-108)
https://notcve.org/view.php?id=CVE-2013-5616
11 Dec 2013 — Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners. Vulnerabilidad de liberación despues de uso en la función nsEventListenerManager :: HandleEventSubType en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-416: Use After Free •