CVSS: 8.1EPSS: 1%CPEs: 18EXPL: 0CVE-2013-0772 – Mozilla: Out-of-bounds read in image rendering (MFSA 2013-22)
https://notcve.org/view.php?id=CVE-2013-0772
19 Feb 2013 — The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. La función RasterImage::DrawFrameTo function en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16, permite a atacantes remotos obtener información sensible de los procesos... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 22EXPL: 0CVE-2013-0782 – Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)
https://notcve.org/view.php?id=CVE-2013-0782
19 Feb 2013 — Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en la función nsSaveAsCharset::DoCharsetConversion en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anterior a v17.... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0776 – Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)
https://notcve.org/view.php?id=CVE-2013-0776
19 Feb 2013 — Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anterior a v17.0.3, Thunderbird ESR 17.x anterior a v17.0.3, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0775 – Mozilla: Use-after-free in nsImageLoadingContent (MFSA 2013-26)
https://notcve.org/view.php?id=CVE-2013-0775
19 Feb 2013 — Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. Vulnerabilidad de uso de memoria después de libreación en la función nsImageLoadingContent::OnStopContainer en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anteri... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 0CVE-2013-0780 – Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)
https://notcve.org/view.php?id=CVE-2013-0780
19 Feb 2013 — Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. Vulnerabilidad de uso después de la liberación en la función nsOverflowContinuationT... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0783 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.3) (MFSA 2013-21)
https://notcve.org/view.php?id=CVE-2013-0783
19 Feb 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thund... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
08 Feb 2013 — The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-0241 – qxl: synchronous io guest DoS
https://notcve.org/view.php?id=CVE-2013-0241
01 Feb 2013 — The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information. El controlador QXL en QXL Virtual GPU v0.1.0 permite a usuarios locales causar una denegación de servicio (caída o bloqueo del SO invitado) a través de una conexión SPICE que evita otros hilos obtenidos del mutex qemu_mutex. NOTA: Algu... • http://rhn.redhat.com/errata/RHSA-2013-0218.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 20%CPEs: 18EXPL: 0CVE-2013-0170 – libvirt: use-after-free in virNetMessageFree()
https://notcve.org/view.php?id=CVE-2013-0170
29 Jan 2013 — Use-after-free vulnerability in the virNetMessageFree function in rpc/virnetserverclient.c in libvirt 1.0.x before 1.0.2, 0.10.2 before 0.10.2.3, 0.9.11 before 0.9.11.9, and 0.9.6 before 0.9.6.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering certain errors during an RPC connection, which causes a message to be freed without being removed from the message queue. Vulnerabilidad de uso después de liberación en la función virNetMessageFree en rpc/l... • http://libvirt.org/git/?p=libvirt.git%3Ba=commit%3Bh=46532e3e8ed5f5a736a02f67d6c805492f9ca720 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 43EXPL: 0CVE-2012-5689 – bind: denial of service when processing queries and with both DNS64 and RPZ enabled
https://notcve.org/view.php?id=CVE-2012-5689
25 Jan 2013 — ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. ISC BIND v9.8.x hasta 9.8.4-P1 y v9.9.x hasta v9.9.2-P1, en ??ciertas configuraciones que implican DNS64 con una zona de política de respuesta que carece de una regla de reescritura AAAA, permite a atacantes remotos provoc... • http://rhn.redhat.com/errata/RHSA-2013-0550.html • CWE-20: Improper Input Validation •