CVSS: 4.3EPSS: 0%CPEs: 119EXPL: 0CVE-2013-1728
https://notcve.org/view.php?id=CVE-2013-1728
The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. El motor de JavaScript IonMonkey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0 y SeaMonkey anterior a 2.21, cuando el modo Valgrind es usado, no inicializa correctamente la memoria, lo que facilita a atacantes remotos obtener información sensible a través de vectores no especificados • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1737 – Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)
https://notcve.org/view.php?id=CVE-2013-1737
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0.9) y SeaMonkey (anteriores a 2.21) no identifican apropiadamente el objeto "this" en proxies DOM durante el uso de métodos "getter" definidos por el usuario, lo que podría permitir a un atacante remoto evitar las restricciones de acceso a través de vectores que hacen uso del objeto "expando". • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 6%CPEs: 119EXPL: 0CVE-2013-1738
https://notcve.org/view.php?id=CVE-2013-1738
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. Vulnerabilidad de uso después de liberación en la función JS_GetGlobalForScopeChain de Mozilla Firefox anterior a version 24.0, Thunderbird anterior a 24.0 y SeaMonkey anterior a 2.21 permite a atacantes remotos a ejecutar códifgo arbitrario aprovechando una incorrecta recolección de basura (garbage collection) en situaciones relacionadas con compartimentos por defecto y restauración de de frame-chains • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 119EXPL: 0CVE-2013-1724
https://notcve.org/view.php?id=CVE-2013-1724
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. Vulnerabilidad de uso despues de liberación en la función mozilla:dom::HTMLFormElement::IsDefaultSubmitElement en Mozilla Firefox (anteriores a 24.0), Thunderbird (anteriores a 24.0) y SeaMonkey (anteriores a 2.21) permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores que emplean un elemento SELECT destruído. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 2%CPEs: 137EXPL: 0CVE-2013-1730 – Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)
https://notcve.org/view.php?id=CVE-2013-1730
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Mozilla Firefox anteriores a v24.0, Firefox ESR 17.x anteriores a v17.0.9, Thunderbird anteriores a v24.0, Thunderbird ESR 17.x anteriores a 17.0.9, y SeaMonkey anteriores a v2.21 no manejan correctamente el movimiento de nodos con respaldo XBL entre documentos, lo cual permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (desajuste del compartimiento JavaScript, o fallo de aserción y salida de la aplicación) a través de un sitio web manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •