CVSS: 10.0EPSS: 17%CPEs: 26EXPL: 1CVE-2014-1512 – Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1512
18 Mar 2014 — Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. Vulnerabilidad de uso después de liberación en la clase TypeObject en el motor JavaScript en Mozilla Firefox anterior a 28.0, Fire... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 26EXPL: 1CVE-2014-1513 – Mozilla Firefox ArrayBuffer Out-Of-Bounds Read/Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1513
18 Mar 2014 — TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site. TypedArrayObject.cpp en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 no... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 3%CPEs: 26EXPL: 1CVE-2014-1514 – Mozilla Firefox TypedArrayObject Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1514
18 Mar 2014 — vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class. vmtypedarrayobject.cpp en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird ante... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 35EXPL: 0CVE-2014-0101 – kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk
https://notcve.org/view.php?id=CVE-2014-0101
11 Mar 2014 — The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk. La función sctp_sf_do_5_1D_ce en net/sctp/sm_statefuns.c en el kernel de Linux hasta la versión 3.13.6 no v... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ec0223ec48a90cb605244b45f7c62de856403729 • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0069 – kernel: cifs: incorrect handling of bogus user pointers during uncached writes
https://notcve.org/view.php?id=CVE-2014-0069
28 Feb 2014 — The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente opera... • http://article.gmane.org/gmane.linux.kernel.cifs/9401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 11CVE-2014-1477 – Mozilla: Miscellaneous memory safety hazards (rv:24.3) (MFSA 2014-01)
https://notcve.org/view.php?id=CVE-2014-1477
04 Feb 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1479 – Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)
https://notcve.org/view.php?id=CVE-2014-1479
04 Feb 2014 — The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. La implementación System Only Wrapper (SOW) en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene ciertas ... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1481 – Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)
https://notcve.org/view.php?id=CVE-2014-1481
04 Feb 2014 — Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir restricciones en objetos de ventana mediante el aprovechamiento de la inconsiste... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 9.3EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1482 – Mozilla: Incorrect use of discarded images by RasterImage (MFSA 2014-04)
https://notcve.org/view.php?id=CVE-2014-1482
04 Feb 2014 — RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. RasterImage.cpp en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene el acceso a datos... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 8%CPEs: 23EXPL: 0CVE-2014-1486 – Mozilla Firefox imgRequestProxy Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1486
04 Feb 2014 — Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. Vulnerabilidad de uso después de liberación en la función imgRequestProxy en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permite a atacante... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-416: Use After Free •