83 matches found
CVE-2014-8640
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service uninitialized-memory read and...
CVE-2014-8640
CVE-2014-8640 affects Mozilla Firefox (before 35.0) and SeaMonkey (before 2.32) where the Web Audio API’s mozilla::dom::AudioParamTimeline::AudioNodeInputValue does not properly restrict timeline operations, enabling a remote attacker to trigger a denial of service via uninitialized-memory read a...
CVE-2014-8640
The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service uninitialized-memory read and...
CVE-2014-1565
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process...
Out-of-bounds
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process...
CVE-2014-1565
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process...
CVE-2014-1565
Technical details about CVE-2014-1565 are not provided in the connected documents. OpenSUSE and OSV entries reference Firefox-related updates but do not describe affected components, impact, or fixes for this CVE. Monitor for updates.
Firefox ESR 31.x < 31.1 Multiple Vulnerabilities (Mac OS X)
The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...
Firefox < 32.0 Multiple Vulnerabilities
The version of Firefox installed on the remote host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary code...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2326-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2326-1 advisory. A use-after-free was discovered in the SVG implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could...
Mozilla Thunderbird < 31.1 Multiple Vulnerabilities (Mac OS X)
The version of Thunderbird installed on the remote Mac OS X host is a version prior to 31.1. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitra...
Firefox < 32.0 Multiple Vulnerabilities (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is a version prior to 32.0. It is, therefore, affected by the following vulnerabilities : - Multiple memory safety flaws exist within the browser engine. Exploiting these, an attacker can cause a denial of service or execute arbitrary...
CVE-2014-1565
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process...
UBUNTU-CVE-2014-1565
The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process...
CVE-2014-3174
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service read of...
Design/Logic Flaw
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service read of...
CVE-2014-3174
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service read of...
CVE-2014-3174
CVE-2014-3174 affects Blink/Web Audio’s BiquadDSPKernel.cpp in Chrome pre-37.0.2062.94. The issue arises from concurrent-thread handling when updating biquad coefficients, enabling a remote attacker to cause denial of service via reads of uninitialized memory. Public advisories confirm the vulner...
CVE-2014-3174
Removed by vendor...
Google Chrome < 37.0.2062.94 Multiple Vulnerabilities (Mac OS X)
The version of Google Chrome installed on the remote Mac OS X host is a version prior to 37.0.2062.94. It is, therefore, affected by the following vulnerabilities : - Blink contains a use-after-free vulnerability in its SVG implementation. By using a specially crafted web page, a remote attacker...