ALT-BU-2014-2594-1
Branch p7 update bulletin.
Package kernel-image-un-def updated to version 3.13.3-alt1 for branch p7 in task 114614.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-2038
The nfs_can_extend_write function in fs/nfs/write.c in the Linux kernel before 3.13.3 relies on a write delegation to extend a write operation without a certain up-to-date verification, which allows local users to obtain sensitive information from kernel memory in opportunistic circumstances by writing to a file in an NFS filesystem and then reading the same file.
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=263b4509ec4d47e0da3e753f85a39ea12d1eff24
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=263b4509ec4d47e0da3e753f85a39ea12d1eff24
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.3
- [oss-security] 20140221 Re: Re: CVE request: Linux kernel: nfs: information leakage
- [oss-security] 20140221 Re: Re: CVE request: Linux kernel: nfs: information leakage
- USN-2137-1
- USN-2137-1
- USN-2140-1
- USN-2140-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1066939
- https://bugzilla.redhat.com/show_bug.cgi?id=1066939
- https://github.com/torvalds/linux/commit/263b4509ec4d47e0da3e753f85a39ea12d1eff24
- https://github.com/torvalds/linux/commit/263b4509ec4d47e0da3e753f85a39ea12d1eff24
Closed vulnerabilities
Modified: 2024-11-21
CVE-2013-1740
The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 64944
- 64944
- USN-2088-1
- USN-2088-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://bugs.gentoo.org/show_bug.cgi?id=498172
- https://bugs.gentoo.org/show_bug.cgi?id=498172
- https://bugzilla.mozilla.org/show_bug.cgi?id=919877
- https://bugzilla.mozilla.org/show_bug.cgi?id=919877
- https://bugzilla.redhat.com/show_bug.cgi?id=1053725
- https://bugzilla.redhat.com/show_bug.cgi?id=1053725
- https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes
- https://developer.mozilla.org/docs/NSS/NSS_3.15.4_release_notes
- mozilla-nss-cve20131740-info-disc(90394)
- mozilla-nss-cve20131740-info-disc(90394)
Modified: 2024-11-21
CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102876
- 102876
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 56706
- 56706
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 65335
- 65335
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=930857
- https://bugzilla.mozilla.org/show_bug.cgi?id=930857
- https://bugzilla.mozilla.org/show_bug.cgi?id=930874
- https://bugzilla.mozilla.org/show_bug.cgi?id=930874
- mozilla-nss-cve20141490-code-exec(90885)
- mozilla-nss-cve20141490-code-exec(90885)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1491
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
- http://hg.mozilla.org/projects/nss/rev/12c42006aed8
- http://hg.mozilla.org/projects/nss/rev/12c42006aed8
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- DSA-2994
- DSA-2994
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 65332
- 65332
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=934545
- https://bugzilla.mozilla.org/show_bug.cgi?id=934545
- firefox-nss-cve20141491-unspecified(90886)
- firefox-nss-cve20141491-unspecified(90886)
- GLSA-201504-01
- GLSA-201504-01
Closed vulnerabilities
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
Package thunderbird updated to version 24.3.0-alt0.M70P.1 for branch p7 in task 114772.
Closed vulnerabilities
BDU:2014-00234
Уязвимость браузера Firefox, позволяющая злоумышленнику получить доступ к аутентификационным данным
BDU:2014-00235
Уязвимость браузера Firefox ESR, позволяющая злоумышленнику получить доступ к аутентификационным данным
BDU:2014-00236
Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику получить доступ к аутентификационным данным
BDU:2014-00237
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику получить доступ к аутентификационным данным
BDU:2014-00257
Уязвимость браузера Firefox, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00258
Уязвимость браузера Firefox ESR, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00259
Уязвимость почтового клиента Thunderbird позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00260
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00265
Уязвимость браузера Firefox, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00266
Уязвимость браузера Firefox ESR, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00267
Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00268
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику выполнить произвольный код или вызвать отказ в обслуживании
BDU:2014-00286
Уязвимость браузера Firefox, позволяющая злоумышленнику обойти ограничения на оконные объекты
BDU:2014-00287
Уязвимость браузера Firefox ESR, позволяющая злоумышленнику обойти ограничения на оконные объекты
BDU:2014-00288
Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику обойти ограничения на оконные объекты
BDU:2014-00289
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику обойти ограничения на оконные объекты
BDU:2014-00294
Уязвимость браузера Firefox, позволяющая злоумышленнику обойти ограничения
BDU:2014-00295
Уязвимость браузера Firefox ESR, позволяющая злоумышленнику обойти ограничения
BDU:2014-00296
Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику обойти ограничения
BDU:2014-00297
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику обойти ограничения
BDU:2014-00298
Уязвимость браузера Firefox, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании
BDU:2014-00299
Уязвимость браузера Firefox ESR, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании
BDU:2014-00300
Уязвимость почтового клиента Thunderbird, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании
BDU:2014-00301
Уязвимость пакета программ Mozilla SeaMonkey, позволяющая злоумышленнику выполнить произвольный код или выполнить отказ в обслуживании
Modified: 2024-11-21
CVE-2014-1477
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102864
- 102864
- RHSA-2014:0132
- RHSA-2014:0132
- RHSA-2014:0133
- RHSA-2014:0133
- 56706
- 56706
- 56761
- 56761
- 56763
- 56763
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-01.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-01.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 65317
- 65317
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=921470
- https://bugzilla.mozilla.org/show_bug.cgi?id=921470
- https://bugzilla.mozilla.org/show_bug.cgi?id=925896
- https://bugzilla.mozilla.org/show_bug.cgi?id=925896
- https://bugzilla.mozilla.org/show_bug.cgi?id=936808
- https://bugzilla.mozilla.org/show_bug.cgi?id=936808
- https://bugzilla.mozilla.org/show_bug.cgi?id=937132
- https://bugzilla.mozilla.org/show_bug.cgi?id=937132
- https://bugzilla.mozilla.org/show_bug.cgi?id=937697
- https://bugzilla.mozilla.org/show_bug.cgi?id=937697
- https://bugzilla.mozilla.org/show_bug.cgi?id=945334
- https://bugzilla.mozilla.org/show_bug.cgi?id=945334
- https://bugzilla.mozilla.org/show_bug.cgi?id=945939
- https://bugzilla.mozilla.org/show_bug.cgi?id=945939
- https://bugzilla.mozilla.org/show_bug.cgi?id=950000
- https://bugzilla.mozilla.org/show_bug.cgi?id=950000
- https://bugzilla.mozilla.org/show_bug.cgi?id=950438
- https://bugzilla.mozilla.org/show_bug.cgi?id=950438
- https://bugzilla.mozilla.org/show_bug.cgi?id=951366
- https://bugzilla.mozilla.org/show_bug.cgi?id=951366
- https://bugzilla.mozilla.org/show_bug.cgi?id=953114
- https://bugzilla.mozilla.org/show_bug.cgi?id=953114
- firefox-cve20141477-code-exec(90899)
- firefox-cve20141477-code-exec(90899)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1479
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes.
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102866
- 102866
- RHSA-2014:0132
- RHSA-2014:0132
- RHSA-2014:0133
- RHSA-2014:0133
- 56706
- 56706
- 56761
- 56761
- 56763
- 56763
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-02.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-02.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 65320
- 65320
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=911864
- https://bugzilla.mozilla.org/show_bug.cgi?id=911864
- firefox-cve20141479-sec-bypass(90898)
- firefox-cve20141479-sec-bypass(90898)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1481
Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines.
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102863
- 102863
- RHSA-2014:0132
- RHSA-2014:0132
- RHSA-2014:0133
- RHSA-2014:0133
- 56706
- 56706
- 56761
- 56761
- 56763
- 56763
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-13.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-13.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 65326
- 65326
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=936056
- https://bugzilla.mozilla.org/show_bug.cgi?id=936056
- firefox-cve20141481-sec-bypass(90883)
- firefox-cve20141481-sec-bypass(90883)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1482
RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent access to discarded data, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect write operations) via crafted image data, as demonstrated by Goo Create.
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102868
- 102868
- RHSA-2014:0132
- RHSA-2014:0132
- RHSA-2014:0133
- RHSA-2014:0133
- 56706
- 56706
- 56761
- 56761
- 56763
- 56763
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-04.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-04.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 65328
- 65328
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=943803
- https://bugzilla.mozilla.org/show_bug.cgi?id=943803
- firefox-cve20141482-code-exec(90894)
- firefox-cve20141482-code-exec(90894)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1486
Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data.
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102872
- 102872
- RHSA-2014:0132
- RHSA-2014:0132
- RHSA-2014:0133
- RHSA-2014:0133
- 56706
- 56706
- 56761
- 56761
- 56763
- 56763
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-08.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-08.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 65334
- 65334
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=942164
- https://bugzilla.mozilla.org/show_bug.cgi?id=942164
- firefox-cve20141486-code-exec(90890)
- firefox-cve20141486-code-exec(90890)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1487
The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy and obtain sensitive authentication information via vectors involving error messages.
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=VYQsgaFpQ2k
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- http://download.novell.com/Download?buildid=Y2fux-JW1Qc
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102873
- 102873
- RHSA-2014:0132
- RHSA-2014:0132
- RHSA-2014:0133
- RHSA-2014:0133
- 56706
- 56706
- 56761
- 56761
- 56763
- 56763
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-09.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-09.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- 65330
- 65330
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=947592
- https://bugzilla.mozilla.org/show_bug.cgi?id=947592
- mozilla-cve20141487-info-disc(90889)
- mozilla-cve20141487-info-disc(90889)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1490
Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 102876
- 102876
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 56706
- 56706
- 56767
- 56767
- 56787
- 56787
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 65335
- 65335
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://8pecxstudios.com/?page_id=44080
- https://8pecxstudios.com/?page_id=44080
- https://bugzilla.mozilla.org/show_bug.cgi?id=930857
- https://bugzilla.mozilla.org/show_bug.cgi?id=930857
- https://bugzilla.mozilla.org/show_bug.cgi?id=930874
- https://bugzilla.mozilla.org/show_bug.cgi?id=930874
- mozilla-nss-cve20141490-code-exec(90885)
- mozilla-nss-cve20141490-code-exec(90885)
- GLSA-201504-01
- GLSA-201504-01
Modified: 2024-11-21
CVE-2014-1491
Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.
- http://hg.mozilla.org/projects/nss/rev/12c42006aed8
- http://hg.mozilla.org/projects/nss/rev/12c42006aed8
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
- FEDORA-2014-2041
- FEDORA-2014-2041
- FEDORA-2014-2083
- FEDORA-2014-2083
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0212
- openSUSE-SU-2014:0213
- openSUSE-SU-2014:0213
- SUSE-SU-2014:0248
- SUSE-SU-2014:0248
- openSUSE-SU-2014:0419
- openSUSE-SU-2014:0419
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 56858
- 56858
- 56888
- 56888
- 56922
- 56922
- DSA-2858
- DSA-2858
- DSA-2994
- DSA-2994
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-12.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
- 65332
- 65332
- 1029717
- 1029717
- 1029720
- 1029720
- 1029721
- 1029721
- USN-2102-1
- USN-2102-1
- USN-2102-2
- USN-2102-2
- USN-2119-1
- USN-2119-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=934545
- https://bugzilla.mozilla.org/show_bug.cgi?id=934545
- firefox-nss-cve20141491-unspecified(90886)
- firefox-nss-cve20141491-unspecified(90886)
- GLSA-201504-01
- GLSA-201504-01
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.
No data currently available.