CVSS: 4.3EPSS: 0%CPEs: 129EXPL: 0CVE-2013-5593 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5593
29 Oct 2013 — The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. La implementación elemento SELECT en Mozilla Firefox anterior a 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird ante... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1731
https://notcve.org/view.php?id=CVE-2013-1731
18 Sep 2013 — Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory. Vulnerabilidad de búsqueda de ruta no confiable en la funcionalidad de traceo GL de Mozilla Firefox anterior a 24.0 sobre Android, permite a atacantes ejecutar codigo arbitrario a través de fichero troyano .so en directorio con permisos de escritura para todo usuario • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 119EXPL: 0CVE-2013-1723 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1723
18 Sep 2013 — The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. El "widget" NativeKey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0, and SeaMonkey anterior a 2.21 , procesa mensajes clave después de la destrucción de un listener de ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1726 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1726
18 Sep 2013 — Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Mozilla Updater en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 2CVE-2013-1727 – Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass
https://notcve.org/view.php?id=CVE-2013-1727
18 Sep 2013 — Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. Mozilla Firefox anterior a 24.0 en Android permite a atacantes evitar la Same Origin Policy, y por lo tanto realizar ataques de cross-site scripting (XSS) o obtener la contraseña o la información de las cookies, mediante el uso de un enlace simbólico ... • https://packetstorm.news/files/id/123449 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1729
https://notcve.org/view.php?id=CVE-2013-1729
18 Sep 2013 — The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. La implementación WebGL en Mozilla Firefox (anteriores a 24.0), cuando se utilizan los drivers gráficos NVIDIA en Mac OS X, permite a atacantes remotos obtener capturas de pantalla del escritorio leyendo de un elemento CANVAS. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 119EXPL: 0CVE-2013-1728 – Ubuntu Security Notice USN-1952-1
https://notcve.org/view.php?id=CVE-2013-1728
17 Sep 2013 — The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors. El motor de JavaScript IonMonkey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0 y SeaMonkey anterior a 2.21, cuando el modo Valgrind es usado, no inicializa correctamente la memoria, lo que facilita a atacantes rem... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 9%CPEs: 137EXPL: 0CVE-2013-1725 – Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)
https://notcve.org/view.php?id=CVE-2013-1725
17 Sep 2013 — Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. Las versiones Mozilla Firefox, anterior a 24.0 Firefox EST anterior a 17.x , Thunderbird anterior a 24.0 , Thunderbird ESR anterior a 17.x y SeaMonkey anterior a 2.21 no garantiza la in... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 137EXPL: 0CVE-2013-1735 – Mozilla: Memory corruption involving scrolling (MFSA 2013-90)
https://notcve.org/view.php?id=CVE-2013-1735
17 Sep 2013 — Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. Vulnerabilidad de uso después de liberación en la función mozilla::layout::ScrollbarActivity de Mozilla Firefox anterior a la versión 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunde... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 4%CPEs: 119EXPL: 0CVE-2013-1720 – Ubuntu Security Notice USN-1952-1
https://notcve.org/view.php?id=CVE-2013-1720
17 Sep 2013 — The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. La función nsHtml5TreeBuilder::resetTheInsertionMode en el HTML5 Tree Builder de Mozilla Fire... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •