327 matches found

Tenable Nessus
added 2014/07/24 12:0 a.m. · 39 views

Mozilla Thunderbird 24.x < 24.7 Multiple Vulnerabilities

The version of Thunderbird 24.x installed on the remote host is a version prior to 24.7. It is, therefore, affected by the following vulnerabilities: - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs...

CVSS 10 · AI score 8.3 · EPSS 0.06109
Exploits 0 · References 12
Tenable Nessus
added 2014/07/24 12:0 a.m. · 27 views

FreeBSD : mozilla -- multiple vulnerabilities (978b0f76-122d-11e4-afe3-bc5ff4fb5e7b)

The Mozilla Project reports: MFSA 2014-66 IFRAME sandbox same-origin access through redirect; MFSA 2014-65 Certificate parsing broken by non-standard character encoding; MFSA 2014-64 Crash in Skia library when scaling high quality images; MFSA 2014-63 Use-after-free while when manipulating...

CVSS 10 · AI score 7.6 · EPSS 0.06109
Exploits 0 · References 27
Tenable Nessus
added 2014/07/24 12:0 a.m. · 39 views

Firefox < 31.0 Multiple Vulnerabilities

The version of Firefox installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities: - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which may...

CVSS 10 · AI score 7.5 · EPSS 0.06109
Exploits 0 · References 24
Tenable Nessus
added 2014/07/24 12:0 a.m. · 26 views

Mozilla Thunderbird < 31.0 Multiple Vulnerabilities

The version of Thunderbird installed on the remote host is a version prior to 31.0. It is, therefore, affected by the following vulnerabilities: - When a pair of NSSCertificate structures are added to a trust domain and then one of them is removed during use, a use-after-free error occurs which...

CVSS 10 · AI score 8.5 · EPSS 0.06109
Exploits 0 · References 22
NVD
added 2014/07/23 11:12 a.m. · 23 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

CVSS 10 · AI score 7.3 · EPSS 0.04682
Exploits 0 · References 7
UbuntuCve
added 2014/07/23 11:12 a.m. · 26 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

CVSS 10 · AI score 6.6 · EPSS 0.04682
Exploits 0 · References 2
ATTACKERKB
added 2014/07/23 11:12 a.m. · 2 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

CVSS 10 · AI score 6.6 · EPSS 0.04682
Exploits 0 · References 8
Prion
added 2014/07/23 11:12 a.m. · 23 views

Design/Logic Flaw

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

CVSS 10 · AI score 8 · EPSS 0.04682
Exploits 0 · References 7 · Affected Software 3
Cvelist
added 2014/07/23 10:0 a.m. · 31 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

AI score 9.6 · EPSS 0.04682
Exploits 0 · References 7
CVE
added 2014/07/23 10:0 a.m. · 82 views

CVE-2014-1551

CVE-2014-1551 is a concrete use-after-free vulnerability in Mozilla Firefox’s FontTableRec destructor that can be triggered by crafted fonts in MathML content. Root cause: improper handling of a DirectWrite font-face object, allowing remote attackers to execute arbitrary code. Affected products/v...

CVSS 10 · AI score 9.5 · EPSS 0.04682
Exploits 0 · References 7 · Affected Software 3
ThreatPost
added 2014/07/23 9:40 a.m. · 10 views

Firefox 31 Patches 11 Security Flaws

Mozilla has released a new version of Firefox, which includes patches for 11 security vulnerabilities. Three of the bugs fixed in Firefox 31 are critical, including a use-after-free vulnerability and a handful of memory safety issues. There are actually several separate use-after-free...

AI score 0.8
Exploits 0 · References 13
Positive Technologies
added 2014/07/22 12:0 a.m. · 3 views

PT-2014-1464 · Mozilla +1 · Firefox Esr +3

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 31.0; Firefox ESR versions prior to 24.7; Thunderbird versions prior to 24.7. Description: The issue is related to a use-after-free vulnerability in the FontTableRec destructor, allowing remote attackers to...

CVSS 10 · AI score 6.4 · EPSS 0.04682
Exploits 0 · References 16
Mozilla
added 2014/07/22 12:0 a.m. · 39 views

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

CVSS 10 · AI score 8.9 · EPSS 0.04682
Exploits 0 · References 2 · Affected Software 3
OpenVAS
added 2013/07/10 12:0 a.m. · 24 views

Microsoft Windows DirectWrite Remote Code Execution Vulnerabilities (2848295)

This host is missing a critical security update according to Microsoft Bulletin MS13-054. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 · AI score 5 · EPSS 0.32378
Exploits 0 · References 4
seebug.org
added 2012/03/15 12:0 a.m. · 26 views

Microsoft Windows 'DirectWrite' API Denial of Service Vulnerability (MS12-019)

BUGTRAQ ID: 52332 CVE ID: CVE-2012-0156 Microsoft Windows is a popular computer operating system. Windows DirectWrite has a security vulnerability in its implementation; specially crafted Unicode characters can cause applications that use the API to stop responding. 0 Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista SP2 Microsoft Windows Vista SP1 Microsoft Server 2008...

CVSS 4.3 · AI score 6.3 · EPSS 0.14804
Exploits 1
The Hacker News
added 2012/03/14 10:12 a.m. · 11 views

Microsoft Security Bulletin with Remote Desktop Flaws

Microsoft has released 6 updates in this month's patch Tuesday, including a patch for a critical hole which the software maker warns could be hit within the next 30 days. Microsoft is warning that there's a remote, pre-authentication,...

AI score 8
Exploits 0
OpenVAS
added 2012/03/14 12:0 a.m. · 24 views

Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)

This host has moderate security update missing according to Microsoft Bulletin MS12-019. OpenVAS Vulnerability Test $Id: secpodms12-019.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows DirectWrite Denial of Service Vulnerability 2665364 Authors: Antu Sanadi Copyright: Copyright c 2012 SecPo...

CVSS 4.3 · AI score 6.5 · EPSS 0.14804
Exploits 1 · References 3
securityvulns
added 2012/03/14 12:0 a.m. · 62 views

Microsoft Windows multiple security vulnerabilities

Kernel drivers privileges escalation, DirectWrite API DoS, RDP memory corruption and DoS...

CVSS 9.3 · AI score 4.4 · EPSS 0.86147
Exploits 14 · Affected Software 1
OpenVAS
added 2012/03/14 12:0 a.m. · 16 views

Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)

This host has moderate security update missing according to Microsoft Bulletin MS12-019. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 4.3 · AI score 5.1 · EPSS 0.14804
Exploits 1 · References 3
NVD
added 2012/03/13 9:55 p.m. · 19 views

CVE-2012-0156

DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite...

CVSS 4.3 · AI score 6.5 · EPSS 0.14804
Exploits 1 · References 3