CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2014-1587 – Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83)
https://notcve.org/view.php?id=CVE-2014-1587
02 Dec 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-1590 – Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
https://notcve.org/view.php?id=CVE-2014-1590
02 Dec 2014 — The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. El método de enviar prototipo XMLHttpRequest.en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos causar una denegación de servicio (caída de la aplic... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 14%CPEs: 4EXPL: 0CVE-2014-1593 – Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)
https://notcve.org/view.php?id=CVE-2014-1593
02 Dec 2014 — Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Desbordamiento de buffer basado en pila en la función mozilla::FileBlockCache::Read en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos ejecutar ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 0CVE-2014-1594 – Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)
https://notcve.org/view.php?id=CVE-2014-1594
02 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de una conversión de datos ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function •
CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 0CVE-2014-1592 – Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)
https://notcve.org/view.php?id=CVE-2014-1592
02 Dec 2014 — Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Vulnerabilidad de uso después de liberación en la función nsHtml5TreeOperation en xul.dll en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey an... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2014-1491 – nss: Do not allow p-1 as a public DH value (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1491
06 Feb 2014 — Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. Mozilla Network Security Services (NSS) anterior a 3.15.4, utilizado en Mozilla Firefox anterior a ... • http://hg.mozilla.org/projects/nss/rev/12c42006aed8 • CWE-326: Inadequate Encryption Strength CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 9.3EPSS: 2%CPEs: 23EXPL: 0CVE-2014-1490 – nss: TOCTOU, potential use-after-free in libssl's session ticket processing (MFSA 2014-12)
https://notcve.org/view.php?id=CVE-2014-1490
06 Feb 2014 — Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket. Condición de carrera en libssl en Mozilla Network Security Services (NSS) ant... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 21EXPL: 0CVE-2013-6629 – libjpeg: information leak (read of uninitialized memory)
https://notcve.org/view.php?id=CVE-2013-6629
12 Nov 2013 — The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. La función get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versión 1.3.... • http://advisories.mageia.org/MGASA-2013-0333.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0CVE-2013-2566 – Gentoo Linux Security Advisory 201406-19
https://notcve.org/view.php?id=CVE-2013-2566
14 Mar 2013 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. El algoritmo RC4, tal como se usa en el protocolo TLS y protocolo SSL, tiene muchos "single-byte biases", lo que hace que sea más fácil para atacantes remotos realizar ataques de recuperación de texto claro a través de análisis estadístico... • http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 4%CPEs: 22EXPL: 0CVE-2013-0783 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.3) (MFSA 2013-21)
https://notcve.org/view.php?id=CVE-2013-0783
19 Feb 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thund... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html •