Page 55 of 300 results (0.008 seconds)

CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0

CVE-2014-1488

https://notcve.org/view.php?id=CVE-2014-1488

The Web workers implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving termination of a worker process that has performed a cross-thread object-passing operation in conjunction with use of asm.js. La implementación Web Workers en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran una terminación de un proceso worker que ha realizado una operación de paso de objeto entre hilos en conjunción con el uso de asm.js • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102875 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-11.html http://www.oracle.com/technetwork •

CVSS: 5.0EPSS: 0%CPEs: 13EXPL: 0

CVE-2014-1483

https://notcve.org/view.php?id=CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint functions. Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir Same Origin Policy y obtener información sensible usando un elemento IFRAME en conjunción con ciertas medidas de tiempo involucrando las funciones document.caretPositionFromPoint y document.elementFromPoint. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102869 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-05.html http://www.oracle.com/technetwork • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 4.3EPSS: 1%CPEs: 225EXPL: 0

CVE-2014-1489

https://notcve.org/view.php?id=CVE-2014-1489

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Mozilla Firefox anterior a 27.0 no restringe debidamente el acceso a botones about:home por script en otras páginas, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (restablecimiento de sesión) a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://osvdb.org/102874 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-10.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/65329 http://www.securitytracker.com/id/1029717 http://www.ubuntu.com/usn/USN-2102-1 http://www.ubun • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

CVE-2014-1485

https://notcve.org/view.php?id=CVE-2014-1485

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient style-src restrictions. La implementación de Content Security Policy (CSP) en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 opera en hojas de estilo XSLT acorde con las directivas style-src en vez de las directivas script-src, lo que permitiría a atacantes remotos ejecutar código XSLT arbitrario mediante el aprovechamiento de las insuficientes restricciones style-src. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102871 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://www.mozilla.org/security/announce/2014/mfsa2014-07.html http://www.oracle.com/technetwork •

CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0

CVE-2014-1478

https://notcve.org/view.php?id=CVE-2014-1478

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0 y SeaMonkey anterior a 2.24 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar un código arbitrario a través de vectores relacionados con la clase MPostWriteBarrier en js/src/jit/MIR.h y alineación de pila en js/src/jit/AsmJS.cpp en OdinMonkey y otros vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://osvdb.org/102865 http://secunia.com/advisories/56706 http://secunia.com/advisories/56767 http://secunia.com/advisories/56787 http://secunia.com/advisories/56888 http://secunia.com/advisories/56922 http://www.mozilla.org/security/announce/2014/mfsa2014-01.html& • CWE-787: Out-of-bounds Write •