Lucene search
K

161 matches found

BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.5 views

The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The use of this feature after release in the FontTableRec destructor in Mozilla Firefox allows malicious actors operating remotely to execute arbitrary code by improperly using fonts contained in MathML, resulting in incorrect processing of the DirectWrite font object...

10CVSS6.7AI score0.04682EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

The vulnerability in the Firefox ESR software allows a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.

The use of this feature after release in FontTableRec in Mozilla Firefox ESR allows malicious actors operating remotely to execute arbitrary code by improperly using fonts contained in MathML, resulting in incorrect processing of the DirectWrite font object...

10CVSS6.7AI score0.04682EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.4 views

The vulnerability of the Firefox browser allows a malicious individual to execute arbitrary code, gain access to confidential information, or cause a service failure.

The Mozilla Firefox browser contains a vulnerability related to errors in the implementation of the libxul.so!gfxContext::Polygon function. Exploiting this vulnerability allows malicious actors to gain access to confidential information from the dynamic memory of the process, trigger service...

6.8CVSS7AI score0.0427EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/08/04 12:0 a.m.22 views

Scientific Linux Security Update : libreoffice on SL6.x i386/x86_64 (20150722)

A flaw was found in the way the LibreOffice HWP Hangul Word Processor file filter processed certain HWP documents. An attacker able to trick a user into opening a specially crafted HWP document could possibly use this flaw to execute arbitrary code with the privileges of the user opening that...

6.8CVSS7.2AI score0.07646EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/03/26 12:0 a.m.38 views

Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20150305)

It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macro...

10CVSS8AI score0.09864EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/03/18 12:0 a.m.44 views

CentOS 7 : libabw / libcmis / libetonyek / libfreehand / liblangtag / libmwaw / libodfgen / etc (CESA-2015:0377)

Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

10CVSS8AI score0.09864EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2015/03/05 8:48 a.m.42 views

Moderate: Red Hat Security Advisory: libreoffice security, bug fix, and enhancement update

Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

10CVSS7.6AI score0.09864EPSS
Exploits0References15
OpenVAS
OpenVAS
added 2014/08/07 12:0 a.m.23 views

Mozilla Thunderbird Multiple Vulnerabilities-01 (Aug 2014) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

10CVSS9.6AI score0.06109EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2014/07/25 12:0 a.m.26 views

Mozilla Firefox < 31.0 Multiple Vulnerabilities

Binary data 8333.prm...

10CVSS9.6AI score0.06109EPSS
Exploits0References23
NVD
NVD
added 2014/07/23 11:12 a.m.23 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

10CVSS7.3AI score0.04682EPSS
Exploits0References7
Prion
Prion
added 2014/07/23 11:12 a.m.25 views

Design/Logic Flaw

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

10CVSS8AI score0.04682EPSS
Exploits0References7Affected Software3
UbuntuCve
UbuntuCve
added 2014/07/23 11:12 a.m.28 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

10CVSS6.6AI score0.04682EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2014/07/23 11:12 a.m.3 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

10CVSS6.6AI score0.04682EPSS
Exploits0References8
Cvelist
Cvelist
added 2014/07/23 10:0 a.m.31 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a...

9.6AI score0.04682EPSS
Exploits0References7
CVE
CVE
added 2014/07/23 10:0 a.m.83 views

CVE-2014-1551

CVE-2014-1551 is a concrete use-after-free vulnerability in Mozilla Firefox’s FontTableRec destructor that can be triggered by crafted fonts in MathML content. Root cause: improper handling of a DirectWrite font-face object, allowing remote attackers to execute arbitrary code. Affected products/v...

10CVSS9.5AI score0.04682EPSS
Exploits0References7Affected Software3
Positive Technologies
Positive Technologies
added 2014/07/22 12:0 a.m.3 views

PT-2014-1464 · Mozilla +1 · Firefox Esr +3

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 31.0 Firefox ESR versions prior to 24.7 Thunderbird versions prior to 24.7 Description: The issue is related to a use-after-free vulnerability in the FontTableRec destructor, allowing remote attackers to...

10CVSS6.4AI score0.04682EPSS
Exploits0References16
Mozilla
Mozilla
added 2014/07/22 12:0 a.m.39 views

Use-after-free in DirectWrite font handling — Mozilla

Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash...

10CVSS8.9AI score0.04682EPSS
Exploits0References2Affected Software3
Tenable Nessus
Tenable Nessus
added 2014/06/13 12:0 a.m.36 views

openSUSE Security Update : libreoffice (openSUSE-SU-2012:1686-1)

LibreOffice was updated to 3.5.4.13 3.5.6rc2 based, fixing a security issue and lots of bugs : - NULL pointer dereference bnc778669, CVE-2012-4233 - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix bnc734733 - update to...

4.3CVSS8.2AI score0.03482EPSS
Exploits0References25
OPENSUSE Linux
OPENSUSE Linux
added 2014/04/30 9:4 a.m.50 views

MozillaThunderbird,seamonkey (important)

Mozilla Thunderbird was updated to 24.4.0. Mozilla SeaMonkey was updated to 2.25. MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards MFSA 2014-17/CVE-2014-1497 bmo966311 Out of bounds read during WAV file decoding MFSA 2014-18/CVE-2014-1498 bmo935618...

9.3CVSS1AI score0.83633EPSS
Exploits20References1
RedHat Linux
RedHat Linux
added 2014/03/19 5:26 p.m.8 views

Mozilla: Information disclosure through polygon rendering in MathML (MFSA 2014-26)

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service out-of-bounds read and application...

9.1CVSS7AI score0.0427EPSS
Exploits1References5
Rows per page
Query Builder