CVSS: 9.8EPSS: 6%CPEs: 4EXPL: 0CVE-2014-1592 – Mozilla: Use-after-free during HTML5 parsing (MFSA 2014-87)
https://notcve.org/view.php?id=CVE-2014-1592
02 Dec 2014 — Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing. Vulnerabilidad de uso después de liberación en la función nsHtml5TreeOperation en xul.dll en Mozilla Firefox anterior a 34.0, Firefox ESR 31.x anterior a 31.3, Thunderbird anterior a 31.3, y SeaMonkey an... • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00024.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 233EXPL: 0CVE-2014-1568 – nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
https://notcve.org/view.php?id=CVE-2014-1568
25 Sep 2014 — Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof ... • http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 11%CPEs: 21EXPL: 0CVE-2014-1551 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1551
23 Jul 2014 — Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. Vulnerabilidad de uso después de liberación en el destructor FontTableRec en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 en Windows permite a... • http://secunia.com/advisories/59760 •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 0CVE-2014-1558 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1558
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no ... • http://secunia.com/advisories/60628 •
CVSS: 10.0EPSS: 11%CPEs: 71EXPL: 0CVE-2014-1544 – nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)
https://notcve.org/view.php?id=CVE-2014-1544
22 Jul 2014 — Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Vulnerabilidad de uso después de liberación en la función CERT_DestroyCertificate en libnss3.so en Mozilla Network Security Services (NSS)... • http://secunia.com/advisories/59591 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 11EXPL: 0CVE-2014-1560 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1560
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no utilice la codificación de caracteres ASCII en... • http://secunia.com/advisories/60628 •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2014-1557 – Mozilla: Crash in Skia library when scaling high quality images (MFSA 2014-64)
https://notcve.org/view.php?id=CVE-2014-1557
22 Jul 2014 — The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. La función ConvolveHorizontally en Skia, utilizado en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.8EPSS: 7%CPEs: 20EXPL: 0CVE-2014-1555 – Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61)
https://notcve.org/view.php?id=CVE-2014-1555
22 Jul 2014 — Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Vulnerabilidad de uso después de liberación en la función nsDocLoader::OnProgress en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permite a atacantes remotos ejecutar código arbitrario a través de vec... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 11EXPL: 0CVE-2014-1559 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1559
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no ... • http://secunia.com/advisories/60628 •
CVSS: 10.0EPSS: 8%CPEs: 20EXPL: 0CVE-2014-1547 – Mozilla: Miscellaneous memory safety hazards (rv:24.7) (MFSA 2014-56)
https://notcve.org/view.php?id=CVE-2014-1547
22 Jul 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos causar una dene... • http://linux.oracle.com/errata/ELSA-2014-0918.html •