FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 34.0,1
firefox-esr < 31.3.0,1
linux-firefox < 34.0,1
linux-seamonkey < 2.31
linux-thunderbird < 31.3.0
seamonkey < 2.31
thunderbird < 31.3.0
libxul < 31.3.0
nss < 3.17.3

Details

VuXML ID 7ae61870-9dd2-4884-a2f2-f19bb5784d09
Discovery 2014-12-01
Entry 2014-12-02

The Mozilla Project reports:

ASN.1 DER decoding of lengths is too permissive, allowing undetected smuggling of arbitrary data

MFSA-2014-90 Apple CoreGraphics framework on OS X 10.10 logging input data to /tmp directory

MFSA-2014-89 Bad casting from the BasicThebesLayer to BasicContainerLayer

MFSA-2014-88 Buffer overflow while parsing media content

MFSA-2014-87 Use-after-free during HTML5 parsing

MFSA-2014-86 CSP leaks redirect data via violation reports

MFSA-2014-85 XMLHttpRequest crashes with some input streams

MFSA-2014-84 XBL bindings accessible via improper CSS declarations

MFSA-2014-83 Miscellaneous memory safety hazards (rv:34.0 / rv:31.3)

References

CVE Name CVE-2014-1569
CVE Name CVE-2014-1587
CVE Name CVE-2014-1588
CVE Name CVE-2014-1589
CVE Name CVE-2014-1590
CVE Name CVE-2014-1591
CVE Name CVE-2014-1592
CVE Name CVE-2014-1593
CVE Name CVE-2014-1594
CVE Name CVE-2014-1595
URL https://www.mozilla.org/security/advisories/
URL https://www.mozilla.org/security/advisories/mfsa2014-83
URL https://www.mozilla.org/security/advisories/mfsa2014-84
URL https://www.mozilla.org/security/advisories/mfsa2014-85
URL https://www.mozilla.org/security/advisories/mfsa2014-86
URL https://www.mozilla.org/security/advisories/mfsa2014-87
URL https://www.mozilla.org/security/advisories/mfsa2014-88
URL https://www.mozilla.org/security/advisories/mfsa2014-89
URL https://www.mozilla.org/security/advisories/mfsa2014-90