Lucene search

K

64 matches found

CVE
CVE
added 2014/10/15 10:55 a.m.64 views

CVE-2014-1585

The WebRTC video-sharing feature in dom/media/MediaManager.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not properly recognize Stop Sharing actions for videos in IFRAME elements, which allows remote attackers to obtain sensitive information...

5CVSS8.7AI score0.00695EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.63 views

CVE-2014-1559

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.

4.3CVSS8.7AI score0.00551EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.62 views

CVE-2014-1549

The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applic...

9.3CVSS9.7AI score0.02172EPSS
CVE
CVE
added 2014/09/03 10:55 a.m.62 views

CVE-2014-1563

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation ...

10CVSS9.5AI score0.01154EPSS
CVE
CVE
added 2014/10/15 10:55 a.m.62 views

CVE-2014-1586

content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 does not consider whether WebRTC video sharing is occurring, which allows remote attackers to obtain sensitive information from the local camera in certain IFRAME situation...

5CVSS8.6AI score0.00695EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.61 views

CVE-2014-1551

Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrit...

10CVSS9.5AI score0.04308EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.60 views

CVE-2013-6674

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a rela...

4.3CVSS7.8AI score0.19975EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.60 views

CVE-2014-1558

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.

4.3CVSS8.7AI score0.00551EPSS
CVE
CVE
added 2014/09/03 10:55 a.m.60 views

CVE-2014-1565

The mozilla::dom::AudioEventTimeline function in the Web Audio API implementation in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 does not properly create audio timelines, which allows remote attackers to obtain sensitive information from process memor...

5CVSS8.9AI score0.00587EPSS
CVE
CVE
added 2014/06/11 10:57 a.m.57 views

CVE-2014-1539

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

5CVSS9.1AI score0.00838EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.57 views

CVE-2014-1552

Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.

5.8CVSS9AI score0.00355EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.55 views

CVE-2014-1560

Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.

4.3CVSS8.7AI score0.00551EPSS
CVE
CVE
added 2014/02/17 10:55 p.m.53 views

CVE-2014-2018

Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED...

4.3CVSS7.7AI score0.19975EPSS
CVE
CVE
added 2014/12/11 11:59 a.m.52 views

CVE-2014-1595

Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by cre...

2.1CVSS2.8AI score0.00085EPSS
Total number of security vulnerabilities64