CVSS: 7.3EPSS: 0%CPEs: 250EXPL: 0CVE-2015-0833 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2015-0833
25 Feb 2015 — Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. Múltiples vulnerabilidades de rutas de búsqueda no confiables en updater.exe en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html •
CVSS: 7.5EPSS: 0%CPEs: 244EXPL: 0CVE-2015-0822 – Mozilla: Reading of local files through manipulation of form autocomplete (MFSA 2015-24)
https://notcve.org/view.php?id=CVE-2015-0822
24 Feb 2015 — The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. La característica Form Autocompletion en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos leer ficheros arbitrarios a través de código JavaScript manipulado. An information leak flaw was found in the way Firefox implemented autocomplete ... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 1%CPEs: 244EXPL: 0CVE-2015-0827 – Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)
https://notcve.org/view.php?id=CVE-2015-0827
24 Feb 2015 — Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic. Desbordamiento de buffer basado en memoria dinámica en la función mozilla::gfx::CopyRect en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permite a atacantes remotos obtener información ... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 249EXPL: 0CVE-2015-0831 – Mozilla: Use-after-free in IndexedDB (MFSA 2015-16)
https://notcve.org/view.php?id=CVE-2015-0831
24 Feb 2015 — Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation. Vulnerabilidad de uso después de liberación en la función mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex en Mozilla Firefox anterior a... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html • CWE-416: Use After Free •
CVSS: 9.1EPSS: 1%CPEs: 244EXPL: 0CVE-2015-0836 – Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
https://notcve.org/view.php?id=CVE-2015-0836
24 Feb 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor del navegador en Mozilla Firefox anterior a 36.0, Firefox ESR 31.x anterior a 31.5, y Thunderbird anterior a 31.5 permiten a atacantes remotos causar una den... • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1587 – Mozilla: Miscellaneous memory safety hazards (rv:31.3) (MFSA 2014-83)
https://notcve.org/view.php?id=CVE-2014-1587
02 Dec 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1590 – Mozilla: XMLHttpRequest crashes with some input streams (MFSA 2014-85)
https://notcve.org/view.php?id=CVE-2014-1590
02 Dec 2014 — The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object. El método de enviar prototipo XMLHttpRequest.en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos causar una denegación de servicio (caída de la aplic... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1592 – Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)
https://notcve.org/view.php?id=CVE-2014-1592
02 Dec 2014 — Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Vulnerabilidad de uso después de liberación en la función nsHtml5TreeOperation en xul.dll en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey an... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2014-1593 – Mozilla: Buffer overflow while parsing media content (MFSA 2014-88)
https://notcve.org/view.php?id=CVE-2014-1593
02 Dec 2014 — Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content. Desbordamiento de buffer basado en pila en la función mozilla::FileBlockCache::Read en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 permite a atacantes remotos ejecutar ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2014-1594 – Mozilla: Bad casting from the BasicThebesLayer to BasicContainerLayer (MFSA 2014-89)
https://notcve.org/view.php?id=CVE-2014-1594
02 Dec 2014 — Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type. Mozilla Firefox anterior a 34.0, Firefox ESR31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey anterior a 2.31 podría permitir a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de una conversión de datos ... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function •