
CVE-2013-5601 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5601
29 Oct 2013 — Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. Vulnerabilidad de uso después de liberación en la función nsEventListenerManager::SetEventHandler de Mozilla Firefox an... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •

CVE-2013-5604 – Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95)
https://notcve.org/view.php?id=CVE-2013-5604
29 Oct 2013 — The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. La función txXPathNodeUtils::getBaseURI en el procesador de XSLT en Mozilla Fir... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-1726 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1726
18 Sep 2013 — Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Mozilla Updater en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2013-1723 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1723
18 Sep 2013 — The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. El "widget" NativeKey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0, and SeaMonkey anterior a 2.21 , procesa mensajes clave después de la destrucción de un listener de ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-1736 – Mozilla: Memory corruption involving scrolling (MFSA 2013-90)
https://notcve.org/view.php?id=CVE-2013-1736
17 Sep 2013 — The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. La función nsGfxScrollFrameInner::IsLTR en Mozilla Firefox anterior a 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunderbir... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-1732 – Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89)
https://notcve.org/view.php?id=CVE-2013-1732
17 Sep 2013 — Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. Desbordamiento de buffer en la función nsFloatmanager::GetFlowArea en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9) y SeaMonkey (anteriores a 2.21) permite... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-1719 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1719
17 Sep 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v24.0, Thunderbird anterior a v24.0, y SeaMonkey anterior a v2.21 permite a atacantes remotos provocar una denegación de... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-1718 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76)
https://notcve.org/view.php?id=CVE-2013-1718
17 Sep 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación de Firefox anterior a 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunderbird anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-1730 – Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)
https://notcve.org/view.php?id=CVE-2013-1730
17 Sep 2013 — Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Mozilla Firefox anteriores a v24.0, Firefox ESR 17.x anteriores a v17.0.9, Thunderbird anteriores a v24.0, ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2013-1724 – Ubuntu Security Notice USN-1952-1
https://notcve.org/view.php?id=CVE-2013-1724
17 Sep 2013 — Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. Vulnerabilidad de uso despues de liberación en la función mozilla:dom::HTMLFormElement::IsDefaultSubmitElement en Mozilla Firefox (anteriores a 24.0), Thunderbird (anteriores a... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-399: Resource Management Errors •