Mozilla : Security Vulnerabilities, CVEs, Published In March 2014 (Code Execution)

CVE-2014-1514

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.
Max CVSS
9.8
EPSS Score
7.75%
Published
2014-03-19
Updated
2020-08-05

CVE-2014-1513

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based out-of-bounds write or read) via a crafted web site.
Max CVSS
9.3
EPSS Score
1.03%
Published
2014-03-19
Updated
2020-08-11

CVE-2014-1512

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by triggering extensive memory consumption while garbage collection is occurring, as demonstrated by improper handling of BumpChunk objects.
Max CVSS
10.0
EPSS Score
93.61%
Published
2014-03-19
Updated
2020-08-10

CVE-2014-1509

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a crafted extension that renders fonts in a PDF document.
Max CVSS
8.8
EPSS Score
2.23%
Published
2014-03-19
Updated
2020-08-03

CVE-2014-1494

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
9.3
EPSS Score
0.53%
Published
2014-03-19
Updated
2020-08-14

CVE-2014-1493

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
1.84%
Published
2014-03-19
Updated
2020-08-11
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close