Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:firefox_esr:24.6
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1557 |
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image. Published: July 23, 2014; 7:12:43 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-1556 |
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. Published: July 23, 2014; 7:12:43 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-1555 |
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. Published: July 23, 2014; 7:12:43 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2014-1551 |
Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, leading to improper handling of a DirectWrite font-face object. Published: July 23, 2014; 7:12:43 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-1547 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: July 23, 2014; 7:12:42 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2014-1544 |
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. Published: July 23, 2014; 7:12:42 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-3079 |
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. Published: May 01, 2012; 6:12:04 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |