CVSS: 9.8EPSS: 1%CPEs: 148EXPL: 0CVE-2013-5595 – Mozilla: Improperly initialized memory and overflows in some JavaScript functions (MFSA 2013-96)
https://notcve.org/view.php?id=CVE-2013-5595
29 Oct 2013 — The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. El motor JavaScript de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 17.x anterior a 17.0.10 y 24.x anterior a la versión 24.1, Thunderbird anterior a 24.1,... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 129EXPL: 0CVE-2013-5603 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5603
29 Oct 2013 — Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. Vulnerabilidad de uso después de liberación en la función nsContentUtils::ContentIsHostIncludingDescendantOf de Mozilla Firefox anterior a la versión 25... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 7.8EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1726 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1726
18 Sep 2013 — Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Mozilla Updater en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 119EXPL: 0CVE-2013-1723 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1723
18 Sep 2013 — The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. El "widget" NativeKey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0, and SeaMonkey anterior a 2.21 , procesa mensajes clave después de la destrucción de un listener de ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 137EXPL: 0CVE-2013-1730 – Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)
https://notcve.org/view.php?id=CVE-2013-1730
17 Sep 2013 — Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Mozilla Firefox anteriores a v24.0, Firefox ESR 17.x anteriores a v17.0.9, Thunderbird anteriores a v24.0, ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 2%CPEs: 119EXPL: 0CVE-2013-1720 – Ubuntu Security Notice USN-1952-1
https://notcve.org/view.php?id=CVE-2013-1720
17 Sep 2013 — The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. La función nsHtml5TreeBuilder::resetTheInsertionMode en el HTML5 Tree Builder de Mozilla Fire... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 119EXPL: 0CVE-2013-1728 – Ubuntu Security Notice USN-1952-1
https://notcve.org/view.php?id=CVE-2013-1728
17 Sep 2013 — The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. El motor de JavaScript IonMonkey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0 y SeaMonkey anterior a 2.21, cuando el modo Valgrind es usado, no inicializa correctamente la memoria, lo que facilita a atacantes rem... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 119EXPL: 0CVE-2013-1738 – Ubuntu Security Notice USN-1952-1
https://notcve.org/view.php?id=CVE-2013-1738
17 Sep 2013 — Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. Vulnerabilidad de uso después de liberación en la función JS_GetGlobalForScopeChain de Mozilla Firefox anterior a version 24.0, Thunderbird anterior a 24.0 y SeaMonkey anterior a 2.21 permite... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 3%CPEs: 137EXPL: 0CVE-2013-1725 – Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)
https://notcve.org/view.php?id=CVE-2013-1725
17 Sep 2013 — Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. Las versiones Mozilla Firefox, anterior a 24.0 Firefox EST anterior a 17.x , Thunderbird anterior a 24.0 , Thunderbird ESR anterior a 17.x y SeaMonkey anterior a 2.21 no garantiza la in... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 119EXPL: 0CVE-2013-1719 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1719
17 Sep 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v24.0, Thunderbird anterior a v24.0, y SeaMonkey anterior a v2.21 permite a atacantes remotos provocar una denegación de... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •