Page 9 of 670 results (0.017 seconds)

CVSS: 9.1EPSS: 3%CPEs: 26EXPL: 1

CVE-2014-1508 – Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)

https://notcve.org/view.php?id=CVE-2014-1508

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. La función libxul.so!gfxContext::Polygon en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos obtener información sensible de la memoria de procesos, causar una denegación de servicio (lectura fuera de rango y caída de aplicación), o posiblemente evadir Same Origin Policy a través de vectores involucrando la renderización de polígono MathML. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security/2014/dsa-2881 http://www.debian.org/security/2014/dsa-2911 • CWE-125: Out-of-bounds Read •

CVSS: 8.8EPSS: 2%CPEs: 24EXPL: 1

CVE-2014-1509 – Mozilla: Memory corruption in Cairo during PDF font rendering (MFSA 2014-27)

https://notcve.org/view.php?id=CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document. Desbordamiento de buffer en la función _cairo_truetype_index_to_ucs4 en cairo, utilizado en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25, permite a atacantes remotos ejecutar código arbitrario a través de una extensión manipulada que renderiza fuentes en un documento PDF. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.mozilla.org/security/announce/2014/mfsa2014-27.html http://www.oracle.com/technetwork& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 2.6EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-1504

https://notcve.org/view.php?id=CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. La funcionalidad session-restore en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 no considera Content Security Policy de un dato: URL, lo que facilita a atacantes remotos realizar ataques de XSS a través de un documento manipulado que es accedido después de un reinicio de navegador. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-23.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=911547 https://s • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 91%CPEs: 26EXPL: 1

CVE-2014-1512 – Mozilla Firefox TypeObject Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects. Vulnerabilidad de uso después de liberación en la clase TypeObject en el motor JavaScript en Mozilla Firefox anterior a 28.0, Firefox ESR 24.x anterior a 24.4, Thunderbird anterior a 24.4 y SeaMonkey anterior a 2.25 permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento del consumo de memoria extensivo mientras la recolección de basura está ocurriendo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypeObjects. By manipulating a document's elements an attacker can force a dangling pointer to be reused after it has been freed. • http://archives.neohapsis.com/archives/bugtraq/2014-03/0145.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://rhn.redhat.com/errata/RHSA-2014-0310.html http://rhn.redhat.com/errata/RHSA-2014-0316.html http://www.debian.org/security&# • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2014-1494

https://notcve.org/view.php?id=CVE-2014-1494

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a 28.0 y SeaMonkey anterior a 2.25 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00017.html http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00016.html http://www.mozilla.org/security/announce/2014/mfsa2014-15.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://bugzilla.mozilla.org/show_bug.cgi?id=627295 https://b •