CVSS: 8.1EPSS: 8%CPEs: 8EXPL: 0CVE-2014-1577 – Mozilla: Web Audio memory corruption issues with custom waveforms (MFSA 2014-76)
https://notcve.org/view.php?id=CVE-2014-1577
14 Oct 2014 — The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the Web Audio subsystem in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read, memory corruption, and application crash) via an invalid custom waveform that triggers a calculation of a negative frequency value. La función mozilla::dom::OscillatorNodeEngine::ComputeCustom en el su... • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2014-1583 – Mozilla: Accessing cross-origin objects via the Alarms API (MFSA 2014-82)
https://notcve.org/view.php?id=CVE-2014-1583
14 Oct 2014 — The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x before 31.2 does not properly restrict toJSON calls, which allows remote attackers to bypass the Same Origin Policy via crafted API calls that access sensitive information within the JSON data of an alarm. La API Alarm en Mozilla Firefox anterior a 33.0 y Firefox ESR 31.x anterior a 31.2 no restringe debidamente las llamadas JSON, lo que permite a atacantes remotos evadir Same Origin Policy a través de llamadas a la API manipuladas que accede... • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html •
CVSS: 8.8EPSS: 21%CPEs: 8EXPL: 0CVE-2014-1576 – Mozilla: Buffer overflow during CSS manipulation (MFSA 2014-75)
https://notcve.org/view.php?id=CVE-2014-1576
14 Oct 2014 — Heap-based buffer overflow in the nsTransformedTextRun function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via Cascading Style Sheets (CSS) token sequences that trigger changes to capitalization style. Desbordamiento de buffer basado en memoria dinámica en la función nsTransformedTextRun en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacan... • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 8EXPL: 0CVE-2014-1574 – Mozilla: Miscellaneous memory safety hazards (rv:31.2) (MFSA 2014-74)
https://notcve.org/view.php?id=CVE-2014-1574
14 Oct 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permiten a atacantes remotos caus... • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html •
CVSS: 8.8EPSS: 14%CPEs: 8EXPL: 0CVE-2014-1581 – Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1581
14 Oct 2014 — Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Vulnerabilidad de uso después de liberación en DirectionalityUtils.cpp en Mozilla Firefox anterior a 33.0, Firefox ESR 31.x anterior a 31.2, y Thunderbird 31.x anterior a 31.2 permite a atacantes remotos ej... • http://lists.fedoraproject.org/pipermail/package-announce/2014-November/141796.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 233EXPL: 0CVE-2014-1568 – nss: RSA PKCS#1 signature verification forgery flaw (MFSA 2014-73)
https://notcve.org/view.php?id=CVE-2014-1568
25 Sep 2014 — Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof ... • http://googlechromereleases.blogspot.com/2014/09/stable-channel-update-for-chrome-os_24.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0CVE-2014-1553 – Ubuntu Security Notice USN-2330-1
https://notcve.org/view.php?id=CVE-2014-1553
02 Sep 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 32.0, Firefox ESR 31.x anterior a 31.1 y Thunderbird 31.x anterior a 31.1 permiten a atacantes remotos causa... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 30%CPEs: 9EXPL: 0CVE-2014-1563 – Ubuntu Security Notice USN-2330-1
https://notcve.org/view.php?id=CVE-2014-1563
02 Sep 2014 — Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation with DOM interaction that triggers incorrect cycle collection. Vulnerabilidad de uso después de liberación en la función mozilla::DOMSVGLength::GetTearOff en Mozilla Firefox anterior a 32.0, Firefox ESR 31.x anter... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 26EXPL: 0CVE-2014-1562 – Mozilla: Miscellaneous memory safety hazards (rv:rv:24.8) (MFSA 2014-67)
https://notcve.org/view.php?id=CVE-2014-1562
02 Sep 2014 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador en Mozilla Firefox anterior a 32.0, Firefox ESR 24.x anterior a 24.8 y 31.x anterior a 31.1 y Thunderbird 24.x anterior... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 14%CPEs: 26EXPL: 0CVE-2014-1567 – Mozilla Firefox DirectionalityUtils Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1567
02 Sep 2014 — Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to execute arbitrary code via text that is improperly handled during the interaction between directionality resolution and layout. Vulnerabilidad de uso después de liberación en DirectionalityUtils.cpp en Mozilla Firefox anterior a 32.0, Firefox ESR 24.x anterior a 24.8 y 31.x anterior a 31.1 y... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-416: Use After Free •