Mozilla : Security Vulnerabilities, CVEs, Published In June 2014
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.
Max CVSS
10.0
EPSS Score
6.98%
Published
2014-06-11
Updated
2017-12-28
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox before 30.0 allow remote attackers to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.
Max CVSS
7.5
EPSS Score
24.71%
Published
2014-06-11
Updated
2017-12-28
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.
Max CVSS
6.8
EPSS Score
1.86%
Published
2014-06-11
Updated
2018-10-30
Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.
Max CVSS
10.0
EPSS Score
8.01%
Published
2014-06-11
Updated
2017-12-28
Use-after-free vulnerability in the nsEventListenerManager::CompileEventHandlerInternal function in the Event Listener Manager in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted web content.
Max CVSS
9.3
EPSS Score
2.36%
Published
2014-06-11
Updated
2017-12-28
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.
Max CVSS
5.0
EPSS Score
0.60%
Published
2014-06-11
Updated
2017-12-28
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Max CVSS
10.0
EPSS Score
7.81%
Published
2014-06-11
Updated
2017-12-28
Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
Max CVSS
10.0
EPSS Score
8.20%
Published
2014-06-11
Updated
2017-12-28
The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.
Max CVSS
10.0
EPSS Score
8.90%
Published
2014-06-11
Updated
2017-12-28
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
5.78%
Published
2014-06-11
Updated
2017-12-28
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
8.92%
Published
2014-06-11
Updated
2017-12-28
11 vulnerabilities found