CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1565 – Ubuntu Security Notice USN-2330-1
https://notcve.org/view.php?id=CVE-2014-1565
02 Sep 2014 — The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted API calls. La función mozilla::dom::AudioEventTimeline en la implementación Web Audio API en Mozilla Firefox anterior a 32.0, Firefox ESR 31.x anteri... • http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 2CVE-2014-1564 – Mozilla Firefox 9.0.1 / Thunderbird 3.1.20 - Information Disclosure
https://notcve.org/view.php?id=CVE-2014-1564
02 Sep 2014 — Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image. Mozilla Firefox anterior a 32.0, Firefox ESR 31.x anterior a 31.1 y Thunderbird 31.x anterior a 31.1 no inicializa debidamente la memoria para la renderización GIF, lo que permite a atac... • https://packetstorm.news/files/id/128132 • CWE-824: Access of Uninitialized Pointer •
CVSS: 10.0EPSS: 11%CPEs: 21EXPL: 0CVE-2014-1551 – Gentoo Linux Security Advisory 201504-01
https://notcve.org/view.php?id=CVE-2014-1551
23 Jul 2014 — Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. Vulnerabilidad de uso después de liberación en el destructor FontTableRec en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 en Windows permite a... • http://secunia.com/advisories/59760 •
CVSS: 10.0EPSS: 11%CPEs: 71EXPL: 0CVE-2014-1544 – nss: Race-condition in certificate verification can lead to Remote code execution (MFSA 2014-63)
https://notcve.org/view.php?id=CVE-2014-1544
22 Jul 2014 — Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Vulnerabilidad de uso después de liberación en la función CERT_DestroyCertificate en libnss3.so en Mozilla Network Security Services (NSS)... • http://secunia.com/advisories/59591 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 23EXPL: 0CVE-2014-1557 – Mozilla: Crash in Skia library when scaling high quality images (MFSA 2014-64)
https://notcve.org/view.php?id=CVE-2014-1557
22 Jul 2014 — The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. La función ConvolveHorizontally en Skia, utilizado en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.8EPSS: 7%CPEs: 20EXPL: 0CVE-2014-1555 – Mozilla: Use-after-free with FireOnStateChange event (MFSA 2014-61)
https://notcve.org/view.php?id=CVE-2014-1555
22 Jul 2014 — Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Vulnerabilidad de uso después de liberación en la función nsDocLoader::OnProgress en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permite a atacantes remotos ejecutar código arbitrario a través de vec... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 8%CPEs: 20EXPL: 0CVE-2014-1547 – Mozilla: Miscellaneous memory safety hazards (rv:24.7) (MFSA 2014-56)
https://notcve.org/view.php?id=CVE-2014-1547
22 Jul 2014 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos causar una dene... • http://linux.oracle.com/errata/ELSA-2014-0918.html •
CVSS: 9.3EPSS: 4%CPEs: 20EXPL: 0CVE-2014-1556 – Mozilla: Exploitable WebGL crash with Cesium JavaScript library (MFSA 2014-62)
https://notcve.org/view.php?id=CVE-2014-1556
22 Jul 2014 — Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. Mozilla Firefox anterior a 31.0, Firefox ESR 24.x anterior a 24.7 y Thunderbird anterior a 24.7 permiten a atacantes remotos ejecutar código arbitrario a través de contenido WebGL manipulado construido con la libraría Cesium JavaScript. Christian Holler, David Keeler and Byron Campen discovered multip... • http://linux.oracle.com/errata/ELSA-2014-0918.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 8%CPEs: 18EXPL: 0CVE-2014-1541 – Mozilla: Use-after-free with SMIL Animation Controller (MFSA 2014-52)
https://notcve.org/view.php?id=CVE-2014-1541
11 Jun 2014 — Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content. Vulnerabilidad de uso después de liberación en la función RefreshDriverTimer::TickDriver en SMIL Animation Controller en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 8%CPEs: 18EXPL: 0CVE-2014-1538 – Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
https://notcve.org/view.php?id=CVE-2014-1538
11 Jun 2014 — Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::CreateMozBR en Mozilla Firefox anterior a 30.0, Firefox ESR 24.x anterior a 24.6 y Thunderbird anterior a 24.6 permite a atacantes remotos ejecu... • http://linux.oracle.com/errata/ELSA-2014-0741.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •