Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2014-03-19	CVE-2014-1508	Out-Of-Bounds Read vulnerability in Mozilla products The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering. network low complexity mozilla redhat debian canonical suse opensuse CWE-125	6.4
2014-03-19	CVE-2014-1502	Origin Validation Error vulnerability in multiple products The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors. network opensuse opensuse-project suse oracle mozilla CWE-346	6.8
2014-03-19	CVE-2014-1500	Resource Exhaustion vulnerability in multiple products Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution. network low complexity opensuse opensuse-project oracle mozilla suse CWE-400	5.0
2014-03-19	CVE-2014-1499	Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt. network suse mozilla oracle opensuse opensuse-project	4.3
2014-03-19	CVE-2014-1498	Improper Verification of Cryptographic Signature vulnerability in multiple products The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm. network low complexity suse oracle opensuse opensuse-project mozilla CWE-347	5.0
2014-03-19	CVE-2014-1497	Out-Of-Bounds Read vulnerability in multiple products The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. network mozilla debian suse opensuse canonical redhat CWE-125	6.8
2014-02-17	CVE-2014-2018	Cross-Site Scripting vulnerability in Mozilla Seamonkey, Thunderbird and Thunderbird ESR Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674. network mozilla CWE-79	4.3
2014-02-17	CVE-2013-6674	Cross-Site Scripting vulnerability in Mozilla Seamonkey, Thunderbird and Thunderbird ESR Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018. network mozilla CWE-79	4.3
2014-02-06	CVE-2014-1491	Inadequate Encryption Strength vulnerability in Mozilla products Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value. network mozilla oracle fedoraproject opensuse suse debian canonical CWE-326	4.3
2014-02-06	CVE-2014-1480	Improper Restriction of Rendered UI Layers OR Frames vulnerability in multiple products The file-download implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 does not properly restrict the timing of button selections, which allows remote attackers to conduct clickjacking attacks, and trigger unintended launching of a downloaded file, via a crafted web site. network opensuse suse oracle canonical mozilla CWE-1021	4.3