35 matches found
CVE-2017-5753
CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...
CVE-2013-4854
CVE-2013-4854 affects ISC BIND, where the RFC 5011 RDATA handling in rdata.c can trigger an assertion failure during log message construction when processing a malformed RDATA, allowing remote DoS with named exiting. Vulnerable ranges include BIND 9.7.x and 9.8.x before 9.8.5-P2 and 9.8.6b1, 9.9....
CVE-2014-1510
CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...
CVE-2014-1509
CVE-2014-1509 is a buffer overflow in cairo's _cairo_truetype_index_to_ucs4 function that affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The vulnerability can allow remote code execution via a crafted extension that renders f...
CVE-2016-5244
CVE-2016-5244 affects the Linux kernel and involves the function rds_inc_info_copy in net/rds/recv.c not initializing a structure member. This can enable a remote attacker to read sensitive information from kernel stack memory by processing an RDS message, with impact described as kernel informat...
CVE-2013-5609
CVE-2013-5609 is a set of memory-corruption/denial-of-service vulnerabilities in the Mozilla Firefox browser engine, affecting Firefox (including ESR 24.x) and related products prior to versions around 26.0 (per the referenced MiracleLinux AXSA advisories). The issues could allow remote attackers...
CVE-2014-1477
CVE-2014-1477 affects Mozilla Firefox before 27.0 (and related ESR/Thunderbird/SeaMonkey versions) where the browser engine contains multiple unspecified vulnerabilities that could lead to memory corruption, application crashes, or possibly arbitrary code execution via unknown vectors. Exploitati...
CVE-2014-1514
CVE-2014-1514 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue arises from not validating the length of the destination array before a copy operation in TypedArrayObject, allowing remote attackers to execute arbitrary...
CVE-2014-1493
CVE-2014-1493 is a Mozilla Firefox/Thunderbird/SeaMonkey browser-engine vulnerability reported in multiple advisories. IBM Storwize V7000 Unified and IBM SONAS bulletins note these issues affect shipped Firefox and advise upgrading to version 1.4.3.3 (Storwize Unified) or 1.4.3.3 (SONAS) to apply...
CVE-2014-1508
CVE-2014-1508 affects Mozilla Firefox family components (libxul) where libxul.so!gfxContext::Polygon can leak memory, cause out-of-bounds reads, or crash, with potential Same Origin Policy bypass via MathML polygon rendering. Affected: Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbir...
CVE-2014-1512
The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...
CVE-2014-1486
CVE-2014-1486 is a use-after-free in Mozilla Firefox’s imgRequestProxy function (affecting Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24). The vulnerability enables remote code execution via image data with unspecified Content-Type values. Mirac...
CVE-2014-1479
CVE-2014-1479 affects Mozilla Firefox (including ESR 24.x line), Thunderbird, and SeaMonkey before versions around 27.0/24.x 24.3/SeaMonkey 2.24. The flaw, in the System Only Wrapper (SOW) implementation, does not prevent certain cloning operations, allowing remote attackers to bypass restriction...
CVE-2014-1497
CVE-2014-1497 affects mozilla::WaveReader::DecodeAudioData in Mozilla Firefox up to 28.0 (and ESR 24.x up to 24.4), Thunderbird up to 24.4, and SeaMonkey up to 2.25. A crafted WAV file can cause information disclosure from process heap memory and can trigger a denial of service via an out-of-boun...
CVE-2014-1481
CVE-2014-1481 affects Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24. It enables remote attackers to bypass restrictions on window objects by exploiting inconsistencies in native JavaScript engine getter methods. Impact per sources is...
CVE-2014-1482
CVE-2014-1482 affects Mozilla Firefox and related Mozilla products. The issue is that RasterImage.cpp does not prevent access to discarded image data, enabling remote attackers to run arbitrary code or cause a denial of service via crafted image data (Goo Create demonstrated). Affected versions i...
CVE-2014-1513
The CVE-2014-1513 issue affects Mozilla Firefox (and related Mozilla suite components) prior to version 28.0, and Firefox ESR 24.x prior to 24.4, with Firefox/SeaMonkey/Thunderbird affecting ArrayBuffer usage. Root cause: TypedArrayObject mishandles a zero-length transition during ArrayBuffer use...
CVE-2014-1487
CVE-2014-1487 affects Mozilla Firefox (Web workers) and related Mozilla suite components. The issue allows remote attackers to bypass Same Origin Policy and obtain sensitive authentication data via error-message handling in Web workers, affecting Firefox versions before 27.0 (and ESR 24.x before ...
CVE-2013-5613
Mode C: Detailed vulnerability note for CVE-2013-5613. Affected product/variant: Mozilla Firefox components shipped in MiracleLinux 3 (firefox-24.4.0-1.0.1.AXS3) per AXSA:2014-233:01. Root cause: Use-after-free in PresShell::DispatchSynthMouseMove, linked to RestyleManager::GetHoverGeneration, en...
CVE-2016-3951
CVE-2016-3951 concerns a double-free in Linux kernel drivers/net/usb/cdc_ncm.c, exploitable when a USB device with an invalid descriptor is inserted. Affected: Linux kernel pre-4.5; impact: denial of service (system crash) and potential unspecified effects. The linked Unity security advisories co...
CVE-2015-8845
CVE-2015-8845 affects the Linux kernel on powerpc platforms prior to 4.4.1. The vulnerability arises because the tm_reclaim_thread function in arch/powerpc/kernel/process.c may proceed with a TM reclaim call without verifying that TM suspend mode exists, enabling local users to trigger a denial o...
CVE-2013-5616
CVE-2013-5616 is a use-after-free in Mozilla Firefox before 26.0 (also affects ESR 24.x before 24.2, Thunderbird before 24.2, SeaMonkey before 2.23) triggered by nsEventListenerManager::HandleEventSubType. Exploitation could lead to remote code execution or a denial of service due to heap memory ...
CVE-2013-5618
CVE-2013-5618 is a use-after-free in Mozilla Firefox’s table-editing UI (nsNodeUtils::LastRelease). Affected: Firefox < 26.0, Firefox ESR < 24.2, Thunderbird < 24.2, SeaMonkey
CVE-2013-5615
CVE-2013-5615 concerns GetElementIC typed array stubs being generated outside observed typesets in the Mozilla JavaScript engine. The connected vendor notes identify affected products as Mozilla Firefox (and related Firefox ESR/Thunderbird/SeaMonkey lines in the 2013 MFSA bundle) with fixes imple...
CVE-2014-1483
Technical details for CVE-2014-1483 are not publicly provided in the connected documents; sources reference the CVE but do not disclose affected products, versions, root cause, impact, or fixes. Monitor for updates.
CVE-2013-6673
Technical details about CVE-2013-6673 are not publicly available in the provided connected documents; monitor for updates.
CVE-2012-5830
CVE-2012-5830 is a use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X that allows remote attackers to execute arbitrary code via an HTML document. The con...
CVE-2013-6671
CVE-2013-6671 affects Mozilla Firefox before 26.0 (and corresponding ESR/Thunderbird/SeaMonkey releases listed) where nsGfxScrollFrameInner::IsLTR can be abused by crafted JavaScript used with ordered list elements to trigger remote code execution. The vulnerability is a browser-engine issue that...
CVE-2014-1511
CVE-2014-1511 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue is described as a remote bypass of the popup blocker via unspecified vectors. Public security advisories in 2014 consolidate Firefox/Thunderbird/SeaMonkey...
CVE-2013-4419
CVE-2013-4419 affects libguestfs guestfish when using --remote/--listen: temporary socket ownership is not properly checked under /tmp/.guestfish-$UID/, allowing a local user to pre-create that directory and then write to the socket to execute commands. Affected are libguestfs versions up to and ...
CVE-2015-3340
CVE-2015-3340 affects Xen 4.2.x through 4.5.x and involves uninitialized fields, allowing certain remote domains to read sensitive memory content via XEN_DOMCTL_gettscinfo or XEN_SYSCTL_getdomaininfolist. Public advisories (e.g., Debian DSA-3414) classify this as a denial of information disclosur...
CVE-2015-0500
CVE-2015-0500 is an unspecified vulnerability affecting Oracle MySQL Server 5.6.23 and earlier, permitting remote authenticated users to affect availability via unknown vectors. The issue is listed in multiple advisories and OpenVAS entries; affected version range is 5.6.23 and earlier. The provi...
CVE-2014-1496
CVE-2014-1496 affects Mozilla Firefox (up to 28.0) and related Mozilla suite components (Firefox ESR 24.x up to 24.4, Thunderbird up to 24.4, SeaMonkey up to 2.25). The vulnerability allows local users to gain privileges by modifying the extracted Mar contents during an update, constituting a loc...
CVE-2015-0439
CVE-2015-0439 is an unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier that could allow remote authenticated users to affect availability via unknown vectors in the InnoDB component. The issue is described as involving the Server : InnoDB with the same or related CVEs, and remedi...
CVE-2013-1864
The CVE-2013-1864 issue affects PTLib (Portable Tool Library) before 2.10.10 as used in Ekiga before 4.0.1. The vulnerability arises from improper detection of recursion during entity expansion, enabling a remote attacker to cause a denial of service via crafted PXML documents with a very large n...