CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 1CVE-2014-1491 – nss: Do not allow p-1 as a public DH value (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1491
06 Feb 2014 — Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a ... • http://hg.mozilla.org/projects/nss/rev/12c42006aed8 • CWE-326: Inadequate Encryption Strength CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 0CVE-2011-3377 – IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass
https://notcve.org/view.php?id=CVE-2011-3377
05 Feb 2014 — The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain. El plug-in de navegador web en IcedTea-Web 1.0.x anterior a 1.0.6 y 1.1.x anterior a 1.1.4, permite a atacantes remotos evadir el Same Origin Policy (SOP) y ejecutar script... • http://dbhole.wordpress.com/2011/11/08/icedtea-web-1-0-6-and-1-1-4-security-releases-released • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 11CVE-2014-1477 – Mozilla: Miscellaneous memory safety hazards (rv:24.3) (MFSA 2014-01)
https://notcve.org/view.php?id=CVE-2014-1477
04 Feb 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1479 – Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)
https://notcve.org/view.php?id=CVE-2014-1479
04 Feb 2014 — The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. La implementación System Only Wrapper (SOW) en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene ciertas ... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1481 – Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)
https://notcve.org/view.php?id=CVE-2014-1481
04 Feb 2014 — Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir restricciones en objetos de ventana mediante el aprovechamiento de la inconsiste... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 9.3EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1482 – Mozilla: Incorrect use of discarded images by RasterImage (MFSA 2014-04)
https://notcve.org/view.php?id=CVE-2014-1482
04 Feb 2014 — RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. RasterImage.cpp en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene el acceso a datos... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 8%CPEs: 23EXPL: 0CVE-2014-1486 – Mozilla Firefox imgRequestProxy Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1486
04 Feb 2014 — Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. Vulnerabilidad de uso después de liberación en la función imgRequestProxy en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permite a atacante... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 1CVE-2014-1487 – Mozilla: Cross-origin information leak through web workers (MFSA 2014-09)
https://notcve.org/view.php?id=CVE-2014-1487
04 Feb 2014 — The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. La implementación de Web workers en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permite a atacantes remotos evadir Same Origin Policy y obtener in... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •
CVSS: 8.6EPSS: 8%CPEs: 16EXPL: 0CVE-2013-6393 – libyaml: heap-based buffer overflow when parsing YAML tags
https://notcve.org/view.php?id=CVE-2013-6393
01 Feb 2014 — The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. La función yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un "cast" incorrecto, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y prob... • http://advisories.mageia.org/MGASA-2014-0040.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 3%CPEs: 20EXPL: 0CVE-2013-6425 – pixman: integer underflow when handling trapezoids
https://notcve.org/view.php?id=CVE-2013-6425
19 Dec 2013 — Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. Desbordamiento de entero en la macro pixman_trapezoid_valid en pixman.h de Pixman anteriores a 0.32.0, utilizado en el servidor X.Org y cairo, permite a atacantes dependientes de contexto causar una denegación de servicio (crash) a través de un valor mínimo negativo. Pixman is a pixel... • http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c • CWE-190: Integer Overflow or Wraparound CWE-191: Integer Underflow (Wrap or Wraparound) •