CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2014-1557 – Mozilla: Crash in Skia library when scaling high quality images (MFSA 2014-64)
https://notcve.org/view.php?id=CVE-2014-1557
22 Jul 2014 — The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. La función ConvolveHorizontally en Skia, utilizado en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1558 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1558
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no ... • http://secunia.com/advisories/60628 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1559 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1559
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no ... • http://secunia.com/advisories/60628 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1560 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1560
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no utilice la codificación de caracteres ASCII en... • http://secunia.com/advisories/60628 •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1539 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1539
11 Jun 2014 — Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. Mozilla Firefox anterior a 30.0 y Thunderbird hasta 24.6 en OS X no aseguran la visibilidad del cursor después de una interacción con un objeto Flash y un elemento DIV, lo que facilita a atacantes remotos realizar ataques... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 18EXPL: 0CVE-2014-1538 – Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
https://notcve.org/view.php?id=CVE-2014-1538
11 Jun 2014 — Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::CreateMozBR en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecu... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1541 – Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52)
https://notcve.org/view.php?id=CVE-2014-1541
11 Jun 2014 — Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función RefreshDriverTimer::TickDriver en SMIL Animation Controller en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 27EXPL: 9CVE-2014-1518 – Mozilla: Miscellaneous memory safety hazards (rv:24.5) (MFSA 2014-34)
https://notcve.org/view.php?id=CVE-2014-1518
29 Apr 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegador en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a ... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2014-1523 – Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)
https://notcve.org/view.php?id=CVE-2014-1523
29 Apr 2014 — Heap-based buffer overflow in the read_u32 function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image. Desbordamiento de buffer basado en memoria dinámica en la función read_u32 en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remo... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 6%CPEs: 27EXPL: 1CVE-2014-1524 – Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)
https://notcve.org/view.php?id=CVE-2014-1524
29 Apr 2014 — The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. La función nsXBLProtoImpl::InstallImplementation en Mozilla Firefox anterior a 29.0, Firefox ESR 24.... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •