161 matches found
The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.
The use of this feature after release in the FontTableRec destructor in Mozilla Firefox allows malicious actors operating remotely to execute arbitrary code by improperly using fonts contained in MathML, resulting in incorrect processing of the DirectWrite font object...
The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.
The use of this feature after release in FontTableRec in Mozilla Firefox ESR allows malicious actors operating remotely to execute arbitrary code by improperly using fonts contained in MathML, resulting in incorrect processing of the DirectWrite font object...
The vulnerability of the Firefox browser allows a malicious individual to execute arbitrary code, gain access to confidential information, or cause a service failure.
The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the libxul.so!gfxContext::Polygon function. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the dynamic memory of the process, trigger service...
Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64 (20150722)
A flaw was found in the way the LibreOffice HWP Hangul Word Processor file filter processed certain HWP documents. An attacker able to trick a user into opening a specially crafted HWP document could possibly use this flaw to execute arbitrary code with the privileges of the user opening that...
Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20150305)
It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macro...
CentOS 7 : libabw / libcmis / libetonyek / libfreehand / liblangtag / libmwaw / libodfgen / etc (CESA-2015:0377)
Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
Moderate: Red Hat Security Advisory: libreoffice security, bug fix, and enhancement update
Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...
Mozilla Thunderbird Multiple Vulnerabilities-01 (Aug 2014) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Firefox < 31.0 Multiple Vulnerabilities
Binary data 8333.prm...
CVE-2014-1551
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...
Design/Logic Flaw
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...
CVE-2014-1551
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...
CVE-2014-1551
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...
CVE-2014-1551
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...
CVE-2014-1551
CVE-2014-1551 is a concrete use-after-free vulnerability in Mozilla Firefox’s FontTableRec destructor that can be triggered by crafted fonts in MathML content. Root cause: improper handling of a DirectWrite font-face object, allowing remote attackers to execute arbitrary code. Affected products/v...
PT-2014-1464 · Mozilla +1 · Firefox Esr +3
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 31.0 Firefox ESR versions prior to 24.7 Thunderbird versions prior to 24.7 Description: The issue is related to a use-after-free vulnerability in the FontTableRec destructor, allowing remote attackers to...
Use-after-free in DirectWrite font handling — Mozilla
Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...
openSUSE Security Update : libreoffice (openSUSE-SU-2012:1686-1)
LibreOffice was updated to 3.5.4.13 3.5.6rc2 based, fixing a security issue and lots of bugs : - NULL pointer dereference bnc778669, CVE-2012-4233 - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix bnc734733 - update to...
MozillaThunderbird,seamonkey (important)
Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...
Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...