rpm package
opensuse/MozillaFirefox&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,480)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-1559 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558. | ||
| CVE-2014-1558 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559. | ||
| CVE-2014-1557 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code b | ||
| CVE-2014-1556 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. | ||
| CVE-2014-1555 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. | ||
| CVE-2014-1552 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. | ||
| CVE-2014-1550 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering. | ||
| CVE-2014-1549 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer | ||
| CVE-2014-1548 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| CVE-2014-1547 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi | ||
| CVE-2014-1544 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jul 23, 2014 | Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vect | ||
| CVE-2014-1545 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. | ||
| CVE-2014-1543 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device. | ||
| CVE-2014-1542 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate. | ||
| CVE-2014-1541 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (h | ||
| CVE-2014-1540 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web co | ||
| CVE-2014-1539 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cur | ||
| CVE-2014-1538 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecif | ||
| CVE-2014-1537 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
| CVE-2014-1536 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 11, 2014 | The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. |
- CVE-2014-1559Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1558.
- CVE-2014-1558Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerability than CVE-2014-1559.
- CVE-2014-1557Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code b
- CVE-2014-1556Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
- CVE-2014-1555Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.
- CVE-2014-1552Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.
- CVE-2014-1550Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.
- CVE-2014-1549Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer
- CVE-2014-1548Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2014-1547Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi
- CVE-2014-1544Jul 23, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vect
- CVE-2014-1545Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
- CVE-2014-1543Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.
- CVE-2014-1542Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.
- CVE-2014-1541Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (h
- CVE-2014-1540Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web co
- CVE-2014-1539Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cur
- CVE-2014-1538Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecif
- CVE-2014-1537Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
- CVE-2014-1536Jun 11, 2014affected < 50.1.0-1.1fixed 50.1.0-1.1
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Page 97 of 124