CVE-2014-2497
- EPSS 22.32%
- Veröffentlicht 21.03.2014 14:55:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
- EPSS 8.1%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and app...
CVE-2014-1497
- EPSS 2.83%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause...
CVE-2014-1505
- EPSS 4%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the S...
CVE-2014-1508
- EPSS 4.27%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of...
CVE-2014-1509
- EPSS 5.03%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a ...
CVE-2014-1510
- EPSS 82.34%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment t...
CVE-2014-1511
- EPSS 83.63%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
- EPSS 31.37%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary code by trigge...
CVE-2014-1513
- EPSS 5.58%
- Veröffentlicht 19.03.2014 10:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an ArrayBuffer object, which allows remote attackers to exec...