Lucene search
K

123 matches found

BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.7 views

The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality of protected information.

The vulnerability exists in Mozilla Firefox ESR due to improper initialization of memory intended for displaying GIFs. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the process’s memory, through a specially crafted web script that interacts...

4.3CVSS6.8AI score0.05465EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2015/11/07 12:0 a.m.4 views

Mozilla Firefox and Firefox ESR 'JPEGEncoder' Function Competition Condition Vulnerability

Mozilla Firefox is an open source web browser.Firefox ESR is an extended support version of Firefox. A competitive condition vulnerability exists in the Mozilla Firefox 'JPEGEncoder' function, which can be exploited by remote attackers to construct special CANVAS elements that can be tricked into...

6.8CVSS9.3AI score0.0311EPSS
Exploits0References1
NVD
NVD
added 2015/11/05 5:59 a.m.20 views

CVE-2015-7189

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...

6.8CVSS9.6AI score0.0311EPSS
Exploits0References20
Prion
Prion
added 2015/11/05 5:59 a.m.23 views

Race condition

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...

6.8CVSS8.2AI score0.0311EPSS
Exploits0References20Affected Software2
Cvelist
Cvelist
added 2015/11/05 2:0 a.m.29 views

CVE-2015-7189

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...

9.7AI score0.0311EPSS
Exploits0References20
UbuntuCve
UbuntuCve
added 2015/11/04 12:0 a.m.27 views

CVE-2015-7189

Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow via vectors involving a CANVAS element and crafted JavaScript code...

6.8CVSS7.4AI score0.0311EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2015/10/06 12:0 a.m.9 views

The vulnerability of the Firefox browser, which allows a perpetrator to gain access to protected information or cause a service failure

The vulnerability of the gfx/2d/DataSurfaceHelpers.cpp component in the Firefox browser is caused by buffer overflow. Exploiting this vulnerability can allow an attacker to gain access to protected information or cause a service failure by using the CANVAS element to switch to 2D rendering mode,...

6.4CVSS8.2AI score0.03493EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/09/27 12:0 a.m.6 views

Mozilla Firefox and Firefox ESR gfx/2d/DataSurfaceHelpers.cpp Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser. A security vulnerability exists in Mozilla Firefox gfx/2d/DataSurfaceHelpers.cpp, which allows remote attackers to crash an application or execute arbitrary code by triggering a 2D display using the CANVAS element...

6.4CVSS9.2AI score0.03493EPSS
Exploits0References1
Prion
Prion
added 2015/09/24 4:59 a.m.16 views

Out-of-bounds

gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a...

6.4CVSS7AI score0.03493EPSS
Exploits0References11Affected Software1
UbuntuCve
UbuntuCve
added 2015/09/18 12:0 a.m.20 views

CVE-2015-5788

The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element...

4.3CVSS6.8AI score0.0214EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/09/08 12:0 a.m.28 views

openSUSE Security Update : MozillaFirefox (openSUSE-2015-565)

MozillaFirefox was updated to version 40.0.3 to fix two security issues and several bugs. Changes in MozillaFirefox : - update to Firefox 40.0.3 bnc943550 - Disable the asynchronous plugin initialization bmo1198590 - Fix a segmentation fault in the GStreamer support bmo1145230 - Fix a regression...

10CVSS8.3AI score0.08007EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/08/31 12:0 a.m.26 views

FreeBSD : mozilla -- multiple vulnerabilities (237a201c-888b-487f-84d3-7d92266381d6)

The Mozilla Project reports : MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...

10CVSS8.4AI score0.08007EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/08/31 12:0 a.m.25 views

Debian DSA-3345-1 : iceweasel - security update

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4497 Jean-Max Reymond and Ucha Gobejishvili discovered a use-after-free vulnerability which...

10CVSS8.5AI score0.08007EPSS
Exploits0References7
Prion
Prion
added 2015/08/29 7:59 p.m.34 views

Design/Logic Flaw

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...

10CVSS8AI score0.08007EPSS
Exploits0References13Affected Software2
OpenVAS
OpenVAS
added 2015/08/29 12:0 a.m.31 views

Debian Security Advisory DSA 3345-1 (iceweasel - security update)

Multiple security issues have been found in Iceweasel, Debian OpenVAS Vulnerability Test $Id: deb3345.nasl 6609 2017-07-07 12:05:59Z cfischer $ Auto-generated from advisory DSA 3345-1 using nvtgen 1.0 Script version: 1.0 Author: Greenbone Networks Copyright: Copyright c 2015 Greenbone Networks Gm...

10CVSS0.5AI score0.08007EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/08/27 12:0 a.m.41 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-95 Add-on notification bypass through data URLs MFSA 2015-94 Use-after-free when resizing canvas element during restyling...

9.4AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2015/08/27 12:0 a.m.30 views

CVE-2015-4497

Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets CSS toke...

10CVSS7.5AI score0.08007EPSS
Exploits0References3
NVD
NVD
added 2015/01/14 11:59 a.m.28 views

CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element...

5CVSS5.9AI score0.0217EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2015/01/14 12:0 a.m.39 views

CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element...

5CVSS6.9AI score0.0217EPSS
Exploits0References3
OSV
OSV
added 2014/10/14 12:0 a.m.6 views

UBUNTU-CVE-2014-1580

Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element...

5CVSS6.9AI score0.02226EPSS
Exploits0References4
Rows per page
Query Builder