CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 1CVE-2013-0779 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0779
19 Feb 2013 — The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función nsCodingStateMachine::NextState en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejecutar código arbitrio o causar una denegación de servicio (lectura fuera de límites) ... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0776 – Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)
https://notcve.org/view.php?id=CVE-2013-0776
19 Feb 2013 — Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anterior a v17.0.3, Thunderbird ESR 17.x anterior a v17.0.3, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-295: Improper Certificate Validation •
CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2013-0775 – Mozilla: Use-after-free in nsImageLoadingContent (MFSA 2013-26)
https://notcve.org/view.php?id=CVE-2013-0775
19 Feb 2013 — Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. Vulnerabilidad de uso de memoria después de libreación en la función nsImageLoadingContent::OnStopContainer en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anteri... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 0CVE-2013-0780 – Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)
https://notcve.org/view.php?id=CVE-2013-0780
19 Feb 2013 — Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. Vulnerabilidad de uso después de la liberación en la función nsOverflowContinuationT... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2013-0777 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0777
19 Feb 2013 — Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de la liberación en la función nsDisplayBoxShadowOuter::Paint en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejec... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 19EXPL: 0CVE-2013-0745 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0745
13 Jan 2013 — The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. La clase AutoWrapperChanger en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v17.x anter... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0763 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0763
13 Jan 2013 — Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. Vulnerabilidad de uso después de liberación en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.1, Thunderbird before v17.0.2, Thunderbird ESR... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 8%CPEs: 30EXPL: 0CVE-2013-0750 – Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0750
13 Jan 2013 — Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. Desbordamiento de búfer en la implementación de JavaScript en el componente XMLSerializer en Mozilla Fi... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 1CVE-2013-0748 – Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)
https://notcve.org/view.php?id=CVE-2013-0748
13 Jan 2013 — The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. La implementación de en el motor de navegación en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 2%CPEs: 21EXPL: 0CVE-2013-0760 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0760
13 Jan 2013 — Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. Desbordamiento de bufer en la función CharDistributionAnalysis::HandleOneChar en Mozilla Firefox anterior a v18.0, Thunderbird anterior a v17.0.2, y SeaMonkey anterior a v2.15 que permite a atacantes remotos ejecutar código arbitrario a través de documentos manipulados. Multiple v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •