From winvulns-announcements at bigmail.bigfix.com Fri Jul 11 05:20:36 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Fri, 11 Jul 2014 05:20:36 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 371
Published: Thu, 10 Jul 2014 18:53:52 GMT

New Fixlets:
============

***************************************************************
Title: Vulnerability in OpenSSL 0.9.8k and earlier 0.9.8 versions, allows remote attackers to cause a denial of service (memory consumption)
Severity: Medium
Fixlet ID: 2422701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24227.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1377
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug."
***************************************************************
Title: Vulnerability in OpenSSL before 1.0.0 Beta 2, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Severity: Medium
Fixlet ID: 2470001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24700.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1387
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug."

***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8n, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Severity: Medium
Fixlet ID: 2479201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24792.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0433
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8o and 1.x before 1.0.0a, allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code
Severity: High
Fixlet ID: 2495001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24950.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0742
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

***************************************************************
Title: Vulnerability in OpenSSL 0.9.8f through 0.9.8m, allows remote attackers to cause a denial of service (crash)
Severity: Medium
Fixlet ID: 2506501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25065.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0740
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
***************************************************************
Title: Vulnerability in OpenSSL 0.9.8h through 0.9.8j, allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid
Severity: Low
Fixlet ID: 2508301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25083.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0591
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid.

***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8k on WIN64, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Severity: Medium
Fixlet ID: 2508601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25086.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0789
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8i, allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL
Severity: Medium
Fixlet ID: 2509701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25097.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in OpenSSL before 0.9.8i, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8i, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)
Severity: Medium
Fixlet ID: 2510801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25108.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1386
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.
***************************************************************
Title: Vulnerability in OpenSSL 1.0.0 Beta 2, allows remote attackers to cause a denial of service (openssl s_client crash)
Severity: Medium
Fixlet ID: 2511901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25119.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1379
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.

***************************************************************
Title: Vulnerability in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4, allows remote attackers to cause a denial of service (memory consumption)
Severity: Medium
Fixlet ID: 2512401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25124.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4355
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Memory leak in the zlib_stateful_finish function in crypto/comp/c_zlib.c in OpenSSL 0.9.8l and earlier and 1.0.0 Beta through Beta 4 allows remote attackers to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function, as demonstrated by use of SSLv3 and PHP with the Apache HTTP Server, a related issue to CVE-2008-1678.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8m, does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c
Severity: High
Fixlet ID: 2515801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25158.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3245
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

***************************************************************
Title: Vulnerability in OpenSSL 0.9.8 through 0.9.8k, might allow remote attackers to spoof certificates
Severity: Medium
Fixlet ID: 2518001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25180.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2409
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Network Security Services (NSS) library before 3.12.3, as used in OpenSSL 0.9.8 through 0.9.8k, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time.
***************************************************************
Title: Vulnerability in OpenSSL before 0.9.8k, allows remote attackers to cause a denial of service (invalid memory access and application crash)
Severity: Medium
Fixlet ID: 2519601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25196.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0590
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length.

***************************************************************
Title: Vulnerability in OpenSSL 0.9.6, allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack
Severity: High
Fixlet ID: 2521201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25212.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0653
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.

From winvulns-announcements at bigmail.bigfix.com Wed Jul 16 05:20:18 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 16 Jul 2014 05:20:18 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 374
Published: Tue, 15 Jul 2014 18:54:33 GMT

New Fixlets:
============

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2806 (MS14-037)
Severity: High
Fixlet ID: 2428001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24280.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2806
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2795 (MS14-037)
Severity: High
Fixlet ID: 2449601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24496.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2795
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Ancillary Function Driver Elevation of Privilege Vulnerability - CVE-2014-1767 (MS14-040)
Severity: High
Fixlet ID: 2459201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24592.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1767
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2789 (MS14-037)
Severity: High
Fixlet ID: 2474401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24744.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2789
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
Severity: High
Fixlet ID: 2478301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24783.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0539
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2785 (MS14-037)
Severity: High
Fixlet ID: 2480501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24805.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2785
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Windows journal remote code execution vulnerability - CVE-2014-1824 (MS14-038)
Severity: High
Fixlet ID: 2487101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24871.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1824
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2798 (MS14-037)
Severity: High
Fixlet ID: 2489501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24895.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2798
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2794 (MS14-037)
Severity: High
Fixlet ID: 2490401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24904.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2794
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2792 (MS14-037)
Severity: High
Fixlet ID: 2491001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24910.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2792
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2790 (MS14-037)
Severity: High
Fixlet ID: 2491501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24915.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2790
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2788 (MS14-037)
Severity: High
Fixlet ID: 2491701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24917.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2788
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
Severity: High
Fixlet ID: 2493101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24931.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0537
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2813 (MS14-037)
Severity: High
Fixlet ID: 2496701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24967.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2813
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Extended Validation (EV) Certificate Security Feature Bypass Vulnerability - CVE-2014-2783 (MS14-037)
Severity: Medium
Fixlet ID: 2499001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24990.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2783
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-1763 (MS14-037)
Severity: High
Fixlet ID: 2501201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25012.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1763
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Use-after-free vulnerability in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2809 (MS14-037)
Severity: High
Fixlet ID: 2503401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25034.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2809
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2791 (MS14-037)
Severity: High
Fixlet ID: 2504801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25048.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2791
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2787 (MS14-037)
Severity: High
Fixlet ID: 2506301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25063.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2787
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-1765 (MS14-037)
Severity: High
Fixlet ID: 2509601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25096.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1765
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple use-after-free vulnerabilities in Microsoft Internet Explorer 11 allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanSecWest 2014.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2803 (MS14-037)
Severity: High
Fixlet ID: 2510501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25105.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2803
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: DirectShow Elevation of Privilege Vulnerability - CVE-2014-2780 (MS14-041)
Severity: Medium
Fixlet ID: 2511201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25112.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2780
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2804 (MS14-037)
Severity: High
Fixlet ID: 2514301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25143.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2804
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2797 (MS14-037)
Severity: High
Fixlet ID: 2516501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25165.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2797
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2807 (MS14-037)
Severity: High
Fixlet ID: 2518201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25182.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2807
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Service Bus Denial of Service Vulnerability - CVE-2014-2814 (MS14-042)
Severity: Medium
Fixlet ID: 2518401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25184.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2814
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2786 (MS14-037)
Severity: High
Fixlet ID: 2519001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25190.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2786
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK and Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors
Severity: Medium
Fixlet ID: 2519101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25191.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4671
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2800 (MS14-037)
Severity: High
Fixlet ID: 2520701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25207.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2800
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2802 (MS14-037)
Severity: High
Fixlet ID: 2520801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25208.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2802
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

***************************************************************
Title: Win32k Elevation of Privilege Vulnerability - CVE-2014-2781 (MS14-039)
Severity: High
Fixlet ID: 2521301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25213.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2781
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
***************************************************************
Title: Internet Explorer Memory Corruption Vulnerability - CVE-2014-2801 (MS14-037)
Severity: High
Fixlet ID: 2521901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25219.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2801
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

From winvulns-announcements at bigmail.bigfix.com Wed Jul 30 05:20:17 2014
From: winvulns-announcements at bigmail.bigfix.com (Notification of New Vulnerabilties to Windows Systems Fixlet Messages)
Date: Wed, 30 Jul 2014 05:20:17 -0700
Subject: [Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Message-ID:

Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 385 Published: Tue, 29 Jul 2014 19:58:39 GMT

New Fixlets:
============
***************************************************************
Title: Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange e
Severity: High
Fixlet ID: 2455301
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24553.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1555
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security researcher Jethro Beekman of the University of California, Berkeley reported a crash when the FireOnStateChange event is triggered in some circumstances. This leads to a use-after-free and a potentially exploitable crash when it occurs.
***************************************************************
Title: Vulnerability in Google Chrome before 36.0.1985.125, allow attackers to cause a denial of service or possibly have other impact
Severity: Medium
Fixlet ID: 2478201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24782.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3162
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
***************************************************************
Title: Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel,
Severity: Medium
Fixlet ID: 2479901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24799.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1561
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons within the visible window but does not otherwise affect customization or window content.
***************************************************************
Title: Vulnerability in Google Chrome before 36.0.1985.125, allows remote attackers to bypass the Same Origin Policy via a crafted file
Severity: High
Fixlet ID: 2485501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24855.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3160
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability
Severity: Medium
Fixlet ID: 2486501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24865.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4261
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.
***************************************************************
Title: Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execut
Severity: High
Fixlet ID: 2491401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24914.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1544
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Security researchers Tyson Smith and Jesse Schwartzentruber used the Address Sanitizer tool while fuzzing to discover a use-after-free error resulting in a crash. This is a result of a pair of NSSCertificate structures being added to a trust domain and then one of them is removed while they are still in use by the trusted cache. This crash is potentially exploitable.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality
Severity: Medium
Fixlet ID: 2492701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24927.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2487
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.
***************************************************************
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly
Severity: High
Fixlet ID: 2496101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24961.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1547
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability
Severity: Low
Fixlet ID: 2497901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24979.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2477
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality
Severity: Low
Fixlet ID: 2498701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval24987.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2488
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.
***************************************************************
Title: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkn
Severity: High
Fixlet ID: 2500201
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25002.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1548
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability
Severity: Low
Fixlet ID: 2500601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25006.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2486
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerab
Severity: Medium
Fixlet ID: 2501601
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25016.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1558
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues cause the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.
***************************************************************
Title: Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content,
Severity: High
Fixlet ID: 2502701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25027.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1551
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla community member James Kitchener reported a crash in DirectWrite when rendering MathML content with specific fonts due to an error in how font resources and tables are handled. This leads to use-after-free of a DirectWrite font-face object, resulting in a potentially exploitable crash.
***************************************************************
Title: The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a d
Severity: High
Fixlet ID: 2504101
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25041.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1549
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a buffer overflow during interaction with the Web Audio buffer for playback because of an error in the amount of allocated memory for buffers. This leads to a potentially exploitable crash with some audio content.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability
Severity: Medium
Fixlet ID: 2505401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25054.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2489
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use ASCII character encoding in a required context.
Severity: Medium
Fixlet ID: 2509001
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25090.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1560
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues cause the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with
Severity: Medium
Fixlet ID: 2509801
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25098.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1552
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developer Boris Zbarsky discovered an issue where network-level redirects cause a sandbox to forget its unique origin and behave as if the allow-same-origin keyword were applied. This allows the sandboxed content to access other content from the same origin without explicit approval.
***************************************************************
Title: The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to
Severity: High
Fixlet ID: 2511701
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25117.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1557
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla community member John reported a crash in the Skia library when scaling high quality images if the scaling operation takes too long. This is caused by the image data being discarded while still in use by the scaling operation. This crash is potentially exploitable on some systems.
***************************************************************
Title: Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio c
Severity: High
Fixlet ID: 2518901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25189.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1550
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG discovered a use-after-free in Web Audio due to an issue with how control messages for Web Audio are ordered and processed. This leads to a potentially exploitable crash.
***************************************************************
Title: Unspecified vulnerability in the Oracle VM VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability
Severity: Medium
Fixlet ID: 2523501
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25235.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4228
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
***************************************************************
Title: Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (X.509 certificate parsing outage) via a crafted certificate that does not use UTF-8 character encoding in a required context, a different vulnerab
Severity: Medium
Fixlet ID: 2526401
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25264.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1559
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla security researcher Christian Holler discovered several issues while fuzzing the parsing of SSL certificates. Two of these issues were a result of using characters that are not UTF-8 in certificates when various functions expected all strings to be UTF-8 format. The third issue was a result of using characters that were not ASCII in certificates while a function expected only ASCII formatted text. All of these issues cause the certificates to be incorrectly parsed, leading to a potential inability to use valid SSL certificates.
***************************************************************
Title: Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
Severity: High
Fixlet ID: 2527901
Fixlet Link: http://oval.mitre.org/oval/definitions/data/oval25279.html
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1556
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Developer Patrick Cozzi reported a crash in some circumstances when using the Cesium JavaScript library to generate WebGL content. Mozilla developers determined that this crash is potentially exploitable.