Page 151 of 1107 results (0.018 seconds)

CVSS: 10.0EPSS: 91%CPEs: 178EXPL: 1

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. La función crypto.generateCRMFRequest en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 permite a atacantes remotos ejecutar código JavaScript arbitrario o realizar ataques de cross-site scripting (XSS) a través de vectores relacionados con una solicitud de Certificate Request Message Format (CRMF). On versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. With the defineProperty method, functions belonging to window and document can be overriden with a function that gets called from chrome-privileged context. • https://www.exploit-db.com/exploits/30474 http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-69.html http://www.securityfocus.com/bid/61900 https://bugzilla.mozilla.org/show_bug.cgi?id=871368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773 https://access.redhat.com/security/cve/CVE-2013-1710 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 31EXPL: 0

Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service. Desbordamiento de búfer basado en pila en Mozilla Updater en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v17.0.8, Thunderbird anterior a v17.0.8, y Thunderbird ESR v17.x anterior a v17.0.8 permite a usuarios locales conseguir privilegios a través de una larga ruta en la línea de comandos para el servicio de Mozilla Maintenance. • http://www.mozilla.org/security/announce/2013/mfsa2013-66.html https://bugzilla.mozilla.org/show_bug.cgi?id=888314 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18871 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 6%CPEs: 178EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v17.0.8, Thunderbird anterior a v17.0.8, Thunderbird ESR v17.x anterior a v17.0.8, y SeaMonkey anterior a v2.20 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-63.html http://www.securityfocus.com/bid/61874 https://bugzilla.mozilla.org/show_bug.cgi?id=880734 https://bugzilla.mozilla.org/show_bug.cgi?id=888107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18514 https://access.redhat.com/security/cve/CVE-2013-1701 https://bugzilla.redhat.com/show_bug&# •

CVSS: 6.9EPSS: 0%CPEs: 36EXPL: 0

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. Múltiples vulnerabilidades de path de búsqueda inseguro en updater.exe en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8 en Windows 7, Windows Server 2008 R2, Windows 8, y Windows Server 2012 permiten a los usuarios locales conseguir privilegios a través de una DLL caballo de Troya en (1) el directorio de actualización o (2) el directorio de trabajo actual. • http://www.mozilla.org/security/announce/2013/mfsa2013-71.html https://bugzilla.mozilla.org/show_bug.cgi?id=859072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18014 •

CVSS: 5.4EPSS: 0%CPEs: 178EXPL: 0

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 no limitan adecuadamente el acceso local al sistema de archivos mediante applets Java, lo que permite a atacantes remotos asistidos por el usuario para leer archivos arbitrarios mediante el aprovechamiento de una descarga de una ruta fija o de otra ruta predecible. • http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-75.html http://www.securityfocus.com/bid/61896 https://bugzilla.mozilla.org/show_bug.cgi?id=406541 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367 https://access.redhat.com/security/cve/CVE-2013-1717 https://bugzilla.redhat.com/show_bug.cgi?id=993605 • CWE-264: Permissions, Privileges, and Access Controls •