CVSS: 10.0EPSS: 12%CPEs: 154EXPL: 0CVE-2013-1702 – Ubuntu Security Notice USN-1924-1
https://notcve.org/view.php?id=CVE-2013-1702
07 Aug 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación... • http://www.mozilla.org/security/announce/2013/mfsa2013-63.html •
CVSS: 6.1EPSS: 0%CPEs: 154EXPL: 0CVE-2013-1711 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1711
07 Aug 2013 — The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. La implementación XrayWrapper en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 no responde adecuadamente a la posibilidad de una derivación en el á... • http://www.mozilla.org/security/announce/2013/mfsa2013-70.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1717 – Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)
https://notcve.org/view.php?id=CVE-2013-1717
07 Aug 2013 — Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y S... • http://www.debian.org/security/2013/dsa-2735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 154EXPL: 0CVE-2013-1708 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1708
07 Aug 2013 — Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo WAV manipulado que no es manejado correctamente por la función nsCString::CharAt. USN-1924-1 fixed vulnerabilities in Firefox. T... • http://www.mozilla.org/security/announce/2013/mfsa2013-67.html •
CVSS: 9.3EPSS: 2%CPEs: 154EXPL: 0CVE-2013-1704 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1704
07 Aug 2013 — Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. Vulnerabilidad de uso después de liberación en la función nsINode::GetParentNode en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.2 permite a atacantes remotos ejecut... • http://www.mozilla.org/security/announce/2013/mfsa2013-64.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1713 – Mozilla: Wrong principal used for validating URI for some Javascript components (MFSA 2013-72)
https://notcve.org/view.php?id=CVE-2013-1713
07 Aug 2013 — Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterio... • http://www.debian.org/security/2013/dsa-2735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 91%CPEs: 178EXPL: 3CVE-2013-1710 – Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution
https://notcve.org/view.php?id=CVE-2013-1710
07 Aug 2013 — The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. La función crypto.generateCRMFRequest en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird a... • https://packetstorm.news/files/id/124564 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 6%CPEs: 154EXPL: 0CVE-2013-1705 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1705
07 Aug 2013 — Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. Desbordamiento de búfer basado en memoria dinámica en la función cryptojs_interpret_key_gen_type en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos ejecutar código arbitrari... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1709 – Mozilla: Document URI misrepresentation and masquerading (MFSA 2013-68)
https://notcve.org/view.php?id=CVE-2013-1709
07 Aug 2013 — Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.... • http://www.debian.org/security/2013/dsa-2735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 1%CPEs: 138EXPL: 0CVE-2013-0792 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0792
03 Apr 2013 — Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. Mozilla Firefox anterior a v20.0 y SeaMonkey antes de v2.17, cuando se utiliza gfx.color_management.enablev4, no tratan correctamente los perfiles de color durante el procesamiento PNG, que permi... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •