CVSS: 9.8EPSS: 1%CPEs: 20EXPL: 0CVE-2014-1555 – Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61)
https://notcve.org/view.php?id=CVE-2014-1555
22 Jul 2014 — Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Vulnerabilidad de uso después de liberación en la función nsDocLoader::OnProgress en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permite a atacantes remotos ejecutar código arbitrario a través de vec... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1558 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1558
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no ... • http://secunia.com/advisories/60628 •
CVSS: 10.0EPSS: 3%CPEs: 11EXPL: 0CVE-2014-1550 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1550
22 Jul 2014 — Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. Vulnerabilidad de uso después de liberación en la clase MediaInputPort en Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corr... • http://secunia.com/advisories/59760 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1560 – Ubuntu Security Notice USN-2296-1
https://notcve.org/view.php?id=CVE-2014-1560
22 Jul 2014 — Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context. Mozilla Firefox anterior a 31.0 y Thunderbird anterior a 31.0 permiten a atacantes remotos causar una denegación de servicio (interrupción del análisis sintáctico de certificados X.509) a través de un certificado manipulado que no utilice la codificación de caracteres ASCII en... • http://secunia.com/advisories/60628 •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1539 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1539
11 Jun 2014 — Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image. Mozilla Firefox anterior a 30.0 y Thunderbird hasta 24.6 en OS X no aseguran la visibilidad del cursor después de una interacción con un objeto Flash y un elemento DIV, lo que facilita a atacantes remotos realizar ataques... • http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 2%CPEs: 18EXPL: 0CVE-2014-1538 – Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
https://notcve.org/view.php?id=CVE-2014-1538
11 Jun 2014 — Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::CreateMozBR en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecu... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2014-1541 – Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52)
https://notcve.org/view.php?id=CVE-2014-1541
11 Jun 2014 — Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función RefreshDriverTimer::TickDriver en SMIL Animation Controller en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 6%CPEs: 27EXPL: 1CVE-2014-1524 – Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)
https://notcve.org/view.php?id=CVE-2014-1524
29 Apr 2014 — The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. La función nsXBLProtoImpl::InstallImplementation en Mozilla Firefox anterior a 29.0, Firefox ESR 24.... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 27EXPL: 0CVE-2014-1530 – Mozilla: Cross-site scripting (XSS) using history navigations (MFSA 2014-43)
https://notcve.org/view.php?id=CVE-2014-1530
29 Apr 2014 — The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web site that performs history navigation. La implementación docshell en Mozilla Firefox anterior a 29.0, Firefox ESR 24.x anterior a 24.5, Thunderbird anterior a 24.5 y SeaMonkey anterior a 2.26 permite a atacantes remo... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 27EXPL: 1CVE-2014-1531 – Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44)
https://notcve.org/view.php?id=CVE-2014-1531
29 Apr 2014 — Use-after-free vulnerability in the nsGenericHTMLElement::GetWidthHeightForImage function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving an imgLoader object that is not properly handled during an image-resize operation. Vulnerabilidad de uso después de liberación en la función nsGenericHTMLElement::GetWidthHeightForIma... • http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132332.html • CWE-416: Use After Free •