Opensuse Project » Opensuse » 12.3 : Security Vulnerabilities, CVEs,
Array index error in the scanstring function in the _json module in Python 2.7 through 3.5 and simplejson before 2.6.1 allows context-dependent attackers to read arbitrary process memory via a negative index value in the idx argument to the raw_decode function.
Max CVSS
5.9
EPSS Score
0.31%
Published
2017-08-24
Updated
2022-07-13
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document.
Max CVSS
4.3
EPSS Score
1.62%
Published
2014-06-11
Updated
2021-10-20
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.
Max CVSS
6.8
EPSS Score
1.32%
Published
2014-06-11
Updated
2018-10-30
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.
Max CVSS
10.0
EPSS Score
2.06%
Published
2014-04-30
Updated
2018-10-30
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.54%
Published
2014-03-19
Updated
2020-08-14
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.
Max CVSS
5.0
EPSS Score
3.24%
Published
2014-03-19
Updated
2020-08-14
Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.
Max CVSS
4.3
EPSS Score
0.60%
Published
2014-03-19
Updated
2020-08-14
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
Max CVSS
5.0
EPSS Score
2.92%
Published
2014-03-19
Updated
2020-08-14
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Max CVSS
9.3
EPSS Score
0.53%
Published
2014-03-19
Updated
2020-08-14
Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.
Max CVSS
4.3
EPSS Score
0.95%
Published
2014-02-06
Updated
2018-10-30
Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.
Max CVSS
5.0
EPSS Score
0.22%
Published
2014-02-06
Updated
2018-10-30
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by unloading a multiple files with the same name.
Max CVSS
4.3
EPSS Score
2.34%
Published
2014-08-26
Updated
2018-10-30
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.
Max CVSS
4.3
EPSS Score
0.21%
Published
2014-02-20
Updated
2019-08-08
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
Max CVSS
5.8
EPSS Score
1.13%
Published
2013-12-11
Updated
2018-10-30
14 vulnerabilities found