- Home
- CVEs with nessus.description==This updates the Mozilla Firefox browser to the 24.3.0ESR security
release. The Mozilla NSS libraries are now on version 3.15.4.
The following security issues have been fixed :
- Memory safety bugs fixed in Firefox ESR 24.3 and Firefox
27.0 (CVE-2014-1477)(bnc#862345). (MFSA 2014-01)
- Using XBL scopes its possible to steal(clone) native
anonymous content (CVE-2014-1479)(bnc#862348). (MFSA
2014-02)
- Download 'open file' dialog delay is too quick, doesn't
prevent clickjacking. (CVE-2014-1480). (MFSA 2014-03)
- Image decoding causing FireFox to crash with Goo Create
(CVE-2014-1482)(bnc#862356). (MFSA 2014-04)
- caretPositionFromPoint and elementFromPoint leak
information about iframe contents via timing information
(CVE-2014-1483)(bnc#862360). (MFSA 2014-05)
- Fennec leaks profile path to logcat. (CVE-2014-1484).
(MFSA 2014-06)
- CSP should block XSLT as script, not as style.
(CVE-2014-1485). (MFSA 2014-07)
- imgRequestProxy Use-After-Free Remote Code Execution
Vulnerability. (CVE-2014-1486). (MFSA 2014-08)
- Cross-origin information disclosure with error message
of Web Workers. (CVE-2014-1487). (MFSA 2014-09)
- settings & history ID bug. (CVE-2014-1489). (MFSA
2014-10)
- Firefox reproducibly crashes when using asm.js code in
workers and transferable objects. (CVE-2014-1488). (MFSA
2014-11)
- TOCTOU, potential use-after-free in libssl's session
ticket processing (CVE-2014-1490)(bnc#862300) Do not
allow p-1 as a public DH value
(CVE-2014-1491)(bnc#862289). (MFSA 2014-12)
- Inconsistent this value when invoking getters on window
(CVE-2014-1481)(bnc#862309). (MFSA 2014-13)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top