CVSS: 9.3EPSS: 0%CPEs: 30EXPL: 3CVE-2013-0769 – Mozilla: Miscellaneous memory safety hazards (rv:10.0.12) (MFSA 2013-01)
https://notcve.org/view.php?id=CVE-2013-0769
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de búsqueda de Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, y SeaMonkey anterior a v2.15 permite ataques remotos que provocan una denegación de servicios (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.palemoon.org/releasenot •
CVSS: 9.3EPSS: 6%CPEs: 30EXPL: 2CVE-2013-0758 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0758
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y 17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar código JavaScript de su elección con privilegios chrome utilizando una interacción inapropiada entre los objetos de plugin y elementos SVG. • https://www.exploit-db.com/exploits/41683 https://www.exploit-db.com/exploits/41684 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http:/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0762 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0762
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función imgRequest::OnStopFrame en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicios (corrupción en la memoria dinámica) a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.securityfocus.com/bid&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.3EPSS: 3%CPEs: 30EXPL: 0CVE-2013-0754 – Mozilla Firefox ListenerManager Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0754
Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. Vulnerabilidad de uso después de la liberación en la implementación del ListenerManager en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos ejecutar códifo arbitrario a través de vectores que involucran el lanzamiento de colecciones de basura después de una asignación de memoria para los objetos "listener". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013-17.html http://www.ubuntu.com/usn/USN • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0744 – Mozilla: Use-after-free when displaying table with many columns and column groups (MFSA 2013-05)
https://notcve.org/view.php?id=CVE-2013-0744
Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an HTML document with a table containing many columns and column groups. Vulnerabilidad de liberación después de uso en la función TableBackgroundPainter::TableBackgroundData::Destroy en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria dinámica) a través de un documento HTML con una tabla que contiene multitud de columnas y grupos de estas. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013-05.html http://www.ubuntu.com/usn/USN • CWE-416: Use After Free •