Firefox Security Vulnerabilities and Issues — Firefox CVE List

Lucene search

MozillaFirefox

10 matches found

CVE•added 2014/06/11 10:57 a.m.•88 views

CVE-2014-1533

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.03419EPSS

CVE•added 2014/06/11 10:57 a.m.•86 views

CVE-2014-1538

Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS9.6AI score0.02223EPSS

CVE•added 2014/06/11 10:57 a.m.•75 views

CVE-2014-1541

Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupti...

10CVSS9.6AI score0.00613EPSS

CVE•added 2014/06/11 10:57 a.m.•73 views

CVE-2014-1536

The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

10CVSS9.5AI score0.00669EPSS

CVE•added 2014/06/11 10:57 a.m.•68 views

CVE-2014-1534

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.01913EPSS

CVE•added 2014/06/11 10:57 a.m.•68 views

CVE-2014-1542

Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.

6.8CVSS9.5AI score0.0293EPSS

CVE•added 2014/06/11 10:57 a.m.•58 views

CVE-2014-1539

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

5CVSS9.1AI score0.00838EPSS

CVE•added 2014/06/11 10:57 a.m.•57 views

CVE-2014-1540

Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.

9.3CVSS9.5AI score0.0039EPSS

CVE•added 2014/06/11 10:57 a.m.•52 views

CVE-2014-1537

Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

10CVSS9.5AI score0.01513EPSS

CVE•added 2014/06/11 10:57 a.m.•46 views

CVE-2014-1543

Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.

7.5CVSS9.4AI score0.03404EPSS