CVE-2013-1710 – Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution
https://notcve.org/view.php?id=CVE-2013-1710
The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. La función crypto.generateCRMFRequest en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 permite a atacantes remotos ejecutar código JavaScript arbitrario o realizar ataques de cross-site scripting (XSS) a través de vectores relacionados con una solicitud de Certificate Request Message Format (CRMF). On versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. With the defineProperty method, functions belonging to window and document can be overriden with a function that gets called from chrome-privileged context. • https://www.exploit-db.com/exploits/30474 http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-69.html http://www.securityfocus.com/bid/61900 https://bugzilla.mozilla.org/show_bug.cgi?id=871368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773 https://access.redhat.com/security/cve/CVE-2013-1710 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1686 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
https://notcve.org/view.php?id=CVE-2013-1686
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de usar-despues-de-liberar en la función mozilla::ResetDir en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunderbird ESR v17.x anterior a v17.0.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediantes vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0981.html http: • CWE-399: Resource Management Errors •
CVE-2013-1687 – Mozilla: Privileged content access and execution via XBL (MFSA 2013-51)
https://notcve.org/view.php?id=CVE-2013-1687
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. Las implementaciones System Only Wrapper (SOW) y Chrome Object Wrapper (COW) en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunderbird ESR v17.x anterior a v17.0.7 no restringen adecuadamente las funciones XBL definidas por el usuario lo que permite a atacantes remotos ejecutar código JavaScript con privilegios de chrome, o llevar a cabo ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de un sitios web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0981.html http: • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-1697 – Mozilla: XrayWrappers can be bypassed to run user defined methods in a privileged context (MFSA 2013-59)
https://notcve.org/view.php?id=CVE-2013-1697
The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. La implementación XrayWrapper en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x antes de v17.0.7, Thunderbird anterior a v17.0.7 no restringe correctamente el uso de DefaultValue para las llamadas a métodos, lo que permite a atacantes remotos ejecutar código JavaScript con privilegios de chrome a través de sitios web manipulados que dispara el uso de los métodos user-defined (1) toString o (2) valueOf • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0981.html http: • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-1694 – Mozilla: PreserveWrapper has inconsistent behavior (MFSA 2013-56)
https://notcve.org/view.php?id=CVE-2013-1694
The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. La implementación PreserveWrapper en Mozilla Firefox antes de v22.0, Firefox ESR 17.x antes de v17.0.7, Thunderbird antes de v17.0.7, y Thunderbird ESR v17.x antes de v17.0.7 no maneja correctamente la pérdida del envoltorio, lo que permite a atacantes remotos causar una denegación del servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario aprovechando la limpieza de la caché del envoltorio. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2013-0981.html http://rhn.redhat.com/errata/RHSA-2013-0982.html http://www.debian.org/security/2013/dsa-2716 http://www.debian.org/security/2013/dsa-2720 • CWE-20: Improper Input Validation •