Skip to main content
CVE-2014-1510 CRITICAL POC THREAT Emergency

The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%.

Mozilla Privilege Escalation Google Firefox Seamonkey +15
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
71.1%
Threat
5.6
CVE-2014-1511 CRITICAL POC THREAT Emergency

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.5%.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +13
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
70.5%
Threat
5.6
CVE-2014-2120 MEDIUM KEV THREAT This Month

Cross-site scripting (XSS) vulnerability in the WebVPN login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via an unspecified. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 63.9%.

Cisco XSS
NVD VulDB
CVSS 3.1
6.1
EPSS
63.9%
Threat
4.6
CVE-2014-1512 CRITICAL POC THREAT Emergency

Use-after-free vulnerability in the TypeObject class in the JavaScript engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Memory Corruption Mozilla RCE Use After Free Firefox +15
NVD
CVSS 2.0
10.0
EPSS
12.9%
CVE-2014-1514 CRITICAL POC Act Now

vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla Buffer Overflow RCE +16
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2014-1493 CRITICAL POC Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mozilla Buffer Overflow RCE Firefox +15
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2014-1508 CRITICAL POC Act Now

The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox +15
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2014-1513 HIGH POC This Week

TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not prevent a zero-length transition during use of an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Mozilla Buffer Overflow RCE +16
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2014-1509 HIGH POC This Week

Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Buffer Overflow RCE Firefox Seamonkey +13
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2014-1497 HIGH POC This Week

The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Information Disclosure Mozilla Buffer Overflow Firefox +15
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2014-1505 HIGH POC This Week

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +13
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2014-2339 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gnuboard
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
0.3%
CVE-2014-1496 MEDIUM POC This Month

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Privilege Escalation Firefox Seamonkey Thunderbird +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2014-1507 CRITICAL Act Now

Directory traversal vulnerability in the DeviceStorage API in Mozilla FirefoxOS before 1.2.2 allows attackers to bypass the media sandbox protection mechanism, and read or modify arbitrary files, via. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Mozilla Solaris Firefoxos
NVD VulDB
CVSS 2.0
9.3
EPSS
0.7%
CVE-2014-1494 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Mozilla RCE Buffer Overflow Seamonkey +6
NVD VulDB
CVSS 2.0
9.3
EPSS
0.6%
CVE-2013-5952 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Com Freichat
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2013-5955 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Com Pbbooking
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1979 MEDIUM This Month

The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java RCE Google Code Injection Spmode Mail Android
NVD VulDB
CVSS 2.0
6.8
EPSS
0.5%
CVE-2014-1502 MEDIUM This Month

The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Opensuse Linux Enterprise Desktop Linux Enterprise Server +4
NVD VulDB
CVSS 2.0
6.8
EPSS
0.3%
CVE-2014-1506 MEDIUM This Month

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mozilla Google Denial Of Service Firefox +1
NVD VulDB
CVSS 2.0
6.4
EPSS
1.5%
CVE-2014-1501 MEDIUM This Month

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Privilege Escalation Google Solaris Firefox +3
NVD VulDB
CVSS 2.0
5.8
EPSS
0.2%
CVE-2014-1500 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Opensuse Solaris Firefox +4
NVD VulDB
CVSS 2.0
5.0
EPSS
2.3%
CVE-2014-2122 MEDIUM This Month

Memory leak in the GUI in the Impact server in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Hosted Collaboration Solution
NVD VulDB
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-2121 MEDIUM This Month

The Java-based software in Cisco Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (closing of TCP ports) via unspecified vectors, aka Bug IDs CSCug77633,. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Hosted Collaboration Solution
NVD VulDB
CVSS 2.0
5.0
EPSS
0.8%
CVE-2014-1498 MEDIUM This Month

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jwt Attack Mozilla Denial Of Service Linux Enterprise Desktop Linux Enterprise Server +5
NVD VulDB
CVSS 2.0
5.0
EPSS
0.5%
CVE-2014-1499 MEDIUM This Month

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Linux Enterprise Desktop Linux Enterprise Server Linux Enterprise Software Development Kit +4
NVD VulDB
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-5953 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP Com Multicalendar
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-1978 MEDIUM This Month

The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Spmode Mail Android
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-1977 MEDIUM This Month

The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Google Spmode Mail Android
NVD VulDB
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-1504 LOW Monitor

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.

XSS Mozilla Privilege Escalation Firefox Seamonkey +5
NVD VulDB
CVSS 2.0
2.6
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy