Vulnerabilities > Redhat > Enterprise Linux Desktop > Critical

DATE CVE VULNERABILITY TITLE RISK
2014-04-30 CVE-2014-1524 Classic Buffer Overflow vulnerability in multiple products
The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object.
network
low complexity
mozilla canonical debian redhat opensuse suse fedoraproject CWE-120
critical
9.8
2014-04-30 CVE-2014-1532 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution.
network
low complexity
mozilla fedoraproject canonical debian redhat opensuse suse CWE-416
critical
9.8
2014-03-19 CVE-2014-1493 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical debian redhat opensuse suse CWE-119
critical
9.8
2014-03-19 CVE-2014-1508 Out-of-bounds Read vulnerability in multiple products
The libxul.so!gfxContext::Polygon function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process memory, cause a denial of service (out-of-bounds read and application crash), or possibly bypass the Same Origin Policy via vectors involving MathML polygon rendering.
network
low complexity
mozilla redhat debian canonical opensuse suse CWE-125
critical
9.1
2014-03-19 CVE-2014-1510 Improper Privilege Management vulnerability in multiple products
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
network
low complexity
mozilla canonical debian redhat opensuse suse CWE-269
critical
9.8
2014-03-19 CVE-2014-1511 Improper Privilege Management vulnerability in multiple products
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.
network
low complexity
mozilla canonical debian redhat opensuse suse CWE-269
critical
9.8
2014-03-19 CVE-2014-1514 Out-of-bounds Write vulnerability in multiple products
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by triggering incorrect use of the TypedArrayObject class.
network
low complexity
mozilla debian opensuse suse redhat canonical CWE-787
critical
9.8
2014-02-06 CVE-2014-1477 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical debian redhat fedoraproject opensuse suse
critical
9.8
2014-02-06 CVE-2014-1486 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
network
low complexity
mozilla fedoraproject opensuse suse debian canonical redhat CWE-416
critical
9.8
2014-02-05 CVE-2014-0497 Integer Underflow (Wrap or Wraparound) vulnerability in multiple products
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
adobe google redhat suse opensuse CWE-191
critical
9.8