CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2014-1563 – Ubuntu Security Notice USN-2330-1
https://notcve.org/view.php?id=CVE-2014-1563
02 Sep 2014 — Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. Vulnerabilidad de uso después de liberación en la función mozilla::DOMSVGLength::GetTearOff en Mozilla Firefox anterior a 32.0, Firefox ESR 31.x anter... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 21EXPL: 0CVE-2014-1551 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1551
23 Jul 2014 — Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. Vulnerabilidad de uso después de liberación en el destructor FontTableRec en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 en Windows permite a... • http://secunia.com/advisories/59760 •
CVSS: 10.0EPSS: 3%CPEs: 71EXPL: 0CVE-2014-1544 – nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)
https://notcve.org/view.php?id=CVE-2014-1544
22 Jul 2014 — Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Vulnerabilidad de uso después de liberación en la función CERT_DestroyCertificate en libnss3.so en Mozilla Network Security Services (NSS)... • http://secunia.com/advisories/59591 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 20EXPL: 0CVE-2014-1547 – Mozilla: Miscellaneous memory safety hazards (rv:24.7) (MFSA 2014-56)
https://notcve.org/view.php?id=CVE-2014-1547
22 Jul 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos causar una dene... • http://linux.oracle.com/errata/ELSA-2014-0918.html •
CVSS: 10.0EPSS: 2%CPEs: 11EXPL: 0CVE-2014-1548 – Ubuntu Security Notice USN-2295-1
https://notcve.org/view.php?id=CVE-2014-1548
22 Jul 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) ... • http://secunia.com/advisories/59719 •
CVSS: 9.3EPSS: 2%CPEs: 11EXPL: 0CVE-2014-1549 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1549
22 Jul 2014 — The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted audio content that is improperly handled during playback buffering. La función mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer en Mozilla Firefox anterior a 31.0 y Thunderbi... • http://secunia.com/advisories/59760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 11EXPL: 0CVE-2014-1550 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1550
22 Jul 2014 — Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. Vulnerabilidad de uso después de liberación en la clase MediaInputPort en Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corr... • http://secunia.com/advisories/59760 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1552 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1552
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 no implementa debidamente el atributo sandbox del elemento IFRAME, lo que permite a atacantes remotos evadir las restricciones en el contenido del mismo origen a través de un sitio we... • http://secunia.com/advisories/59760 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2014-1555 – Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61)
https://notcve.org/view.php?id=CVE-2014-1555
22 Jul 2014 — Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Vulnerabilidad de uso después de liberación en la función nsDocLoader::OnProgress en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permite a atacantes remotos ejecutar código arbitrario a través de vec... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 20EXPL: 0CVE-2014-1556 – Mozilla: Exploitable WebGL crash with Cesium JavaScript library (MFSA 2014-62)
https://notcve.org/view.php?id=CVE-2014-1556
22 Jul 2014 — Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado construido con la libraría Cesium JavaScript. Christian Holler, David Keeler and Byron Campen discovered multip... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •