Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): browser
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1715 |
Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-level restrictions via a crafted Silverlight application, aka "Microsoft Silverlight Out of Browser Application Vulnerability." Published: May 13, 2015; 6:59:39 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-3334 |
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. Published: April 19, 2015; 6:59:14 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-1247 |
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site. Published: April 19, 2015; 6:59:10 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1245 |
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association. Published: April 19, 2015; 6:59:08 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-0815 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: April 01, 2015; 6:59:13 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0814 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: April 01, 2015; 6:59:13 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-2061 |
Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. Published: March 09, 2015; 10:59:07 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-1226 |
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. Published: March 08, 2015; 8:59:19 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0836 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: February 25, 2015; 6:59:16 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-0835 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: February 25, 2015; 6:59:15 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9648 |
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. Published: January 27, 2015; 3:01:43 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-7936 |
Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble. Published: January 22, 2015; 5:59:17 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-7935 |
Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab. Published: January 22, 2015; 5:59:16 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8635 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: January 14, 2015; 6:59:04 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-8634 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: January 14, 2015; 6:59:03 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2014-9269 |
Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT 1.1.0a1 through 1.2.x before 1.2.18, when Extended project browser is enabled, allows remote attackers to inject arbitrary web script or HTML via the project cookie. Published: January 09, 2015; 1:59:01 PM -0500 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2014-1449 |
The Maxthon Cloud Browser application before 4.1.6.2000 for Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses the history API. Published: December 25, 2014; 4:59:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2014-1588 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 11, 2014; 6:59:01 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-1587 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: December 11, 2014; 6:59:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-6075 |
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. Published: November 27, 2014; 9:59:05 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |