CVSS: 9.3EPSS: 1%CPEs: 27EXPL: 1CVE-2014-1482 – Mozilla: Incorrect use of discarded images by RasterImage (MFSA 2014-04)
https://notcve.org/view.php?id=CVE-2014-1482
04 Feb 2014 — RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create. RasterImage.cpp en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene el acceso a datos... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 1CVE-2014-1479 – Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)
https://notcve.org/view.php?id=CVE-2014-1479
04 Feb 2014 — The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. La implementación System Only Wrapper (SOW) en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene ciertas ... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 10.0EPSS: 23%CPEs: 23EXPL: 0CVE-2014-1486 – Mozilla Firefox imgRequestProxy Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1486
04 Feb 2014 — Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. Vulnerabilidad de uso después de liberación en la función imgRequestProxy en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permite a atacante... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-416: Use After Free •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 1CVE-2014-1487 – Mozilla: Cross-origin information leak through web workers (MFSA 2014-09)
https://notcve.org/view.php?id=CVE-2014-1487
04 Feb 2014 — The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages. La implementación de Web workers en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permite a atacantes remotos evadir Same Origin Policy y obtener in... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k • CWE-209: Generation of Error Message Containing Sensitive Information CWE-346: Origin Validation Error •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 1CVE-2014-1481 – Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)
https://notcve.org/view.php?id=CVE-2014-1481
04 Feb 2014 — Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines. Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 permiten a atacantes remotos evadir restricciones en objetos de ventana mediante el aprovechamiento de la inconsiste... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 9.8EPSS: 5%CPEs: 27EXPL: 11CVE-2014-1477 – Mozilla: Miscellaneous memory safety hazards (rv:24.3) (MFSA 2014-01)
https://notcve.org/view.php?id=CVE-2014-1477
04 Feb 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a... • http://download.novell.com/Download?buildid=VYQsgaFpQ2k •
CVSS: 8.8EPSS: 1%CPEs: 15EXPL: 0CVE-2013-5619 – Ubuntu Security Notice USN-2052-1
https://notcve.org/view.php?id=CVE-2013-5619
11 Dec 2013 — Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. Múltiples desbordamientos de enteros en la implementación binary-search de SpiderMonkey de Mozilla Firefox anterior a la versión 26.0 y SeaMonkey anterior a 2.23 podría permite a atacantes remotos provocar una denegaci... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2013-5610 – Ubuntu Security Notice USN-2052-1
https://notcve.org/view.php?id=CVE-2013-5610
11 Dec 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador Mozilla Firefox anterior a 26.0 y SeaMonkey anterior a 2.23 que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2013-6672 – Ubuntu Security Notice USN-2052-1
https://notcve.org/view.php?id=CVE-2013-6672
11 Dec 2013 — Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. Mozilla Firefox anterior a la versión 26.0 y SeaMonkey anterior a la versión 2.23 en Linux permite a atacantes remotos asistidos por el usuario leer datos del portapapeles mediante el aprovechamiento de ciertas operaciones de pegado con el botón central del ratón. Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christop... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 1CVE-2013-5615 – Ubuntu Security Notice USN-2053-1
https://notcve.org/view.php?id=CVE-2013-5615
11 Dec 2013 — The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. La implementación de JavaScript en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x anterior a 24.2, Thunderbird anterior a 24.2, y SeaMonkey anterior a 2.23 no hace cumplir adecuadamente ciertas restricc... • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html •