CVE-2015-0797 – Mozilla: Buffer overflow parsing H.264 video with Linux Gstreamer (MFSA 2015-47)
https://notcve.org/view.php?id=CVE-2015-0797
16 Apr 2015 — GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. • http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-0818 – Mozilla Firefox SVG DOMAttrModified Same-Origin Policy Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2015-0818
23 Mar 2015 — Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html • CWE-264: Permissions, Privileges, and Access Controls
CVE-2015-0817 – Mozilla Firefox Bounds Check Elimination Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0817
23 Mar 2015 — The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to unintended memory locations, and consequently execute arbitrary code, via crafted JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html • CWE-17: DEPRECATED: Code • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-8636 – Mozilla Firefox - Proxy Prototype Privileged JavaScript Injection
https://notcve.org/view.php?id=CVE-2014-8636
14 Jan 2015 — The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors. • https://packetstorm.news/files/id/130972 • CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2014-8642 – Ubuntu Security Notice USN-2458-2
https://notcve.org/view.php?id=CVE-2014-8642
14 Jan 2015 — Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during a session in which there was an incorrect decision to accept a compromised and revoked certificate. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html • CWE-310: Cryptographic Issues
CVE-2014-8635 – Ubuntu Security Notice USN-2458-1
https://notcve.org/view.php?id=CVE-2014-8635
14 Jan 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html
CVE-2014-8637 – Ubuntu Security Notice USN-2458-2
https://notcve.org/view.php?id=CVE-2014-8637
14 Jan 2015 — Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8640 – Ubuntu Security Notice USN-2458-2
https://notcve.org/view.php?id=CVE-2014-8640
14 Jan 2015 — The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and application crash) via crafted API calls. • http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00014.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2014-8641 – Mozilla: Read-after-free in WebRTC (MFSA 2015-06)
https://notcve.org/view.php?id=CVE-2014-8641
14 Jan 2015 — Use-after-free vulnerability in the WebRTC implementation in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, and SeaMonkey before 2.32 allows remote attackers to execute arbitrary code via crafted track data. USN-2458-1 fixed vulnerabiliti... • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-416: Use After Free
CVE-2014-8634 – Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
https://notcve.org/view.php?id=CVE-2014-8634
14 Jan 2015 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://linux.oracle.com/errata/ELSA-2015-0046.html • CWE-122: Heap-based Buffer Overflow