CVSS: 6.1EPSS: 0%CPEs: 154EXPL: 0CVE-2013-1711 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1711
07 Aug 2013 — The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. La implementación XrayWrapper en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 no responde adecuadamente a la posibilidad de una derivación en el á... • http://www.mozilla.org/security/announce/2013/mfsa2013-70.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1714 – Mozilla: Same-origin bypass with web workers and XMLHttpRequest (MFSA 2013-73)
https://notcve.org/view.php?id=CVE-2013-1714
07 Aug 2013 — The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. La implementación Web Workers en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thund... • http://www.debian.org/security/2013/dsa-2735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 91%CPEs: 178EXPL: 3CVE-2013-1710 – Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution
https://notcve.org/view.php?id=CVE-2013-1710
07 Aug 2013 — The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. La función crypto.generateCRMFRequest en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird a... • https://packetstorm.news/files/id/124564 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 154EXPL: 0CVE-2013-1708 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1708
07 Aug 2013 — Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo WAV manipulado que no es manejado correctamente por la función nsCString::CharAt. USN-1924-1 fixed vulnerabilities in Firefox. T... • http://www.mozilla.org/security/announce/2013/mfsa2013-67.html •
CVSS: 6.1EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1709 – Mozilla: Document URI misrepresentation and masquerading (MFSA 2013-68)
https://notcve.org/view.php?id=CVE-2013-1709
07 Aug 2013 — Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.... • http://www.debian.org/security/2013/dsa-2735 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 11%CPEs: 178EXPL: 0CVE-2013-1701 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.8) (MFSA 2013-63)
https://notcve.org/view.php?id=CVE-2013-1701
07 Aug 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v17.0.8, Thund... • http://www.debian.org/security/2013/dsa-2735 •
CVSS: 10.0EPSS: 12%CPEs: 154EXPL: 0CVE-2013-1702 – Ubuntu Security Notice USN-1924-1
https://notcve.org/view.php?id=CVE-2013-1702
07 Aug 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación... • http://www.mozilla.org/security/announce/2013/mfsa2013-63.html •
CVSS: 10.0EPSS: 6%CPEs: 154EXPL: 0CVE-2013-1705 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1705
07 Aug 2013 — Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request. Desbordamiento de búfer basado en memoria dinámica en la función cryptojs_interpret_key_gen_type en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos ejecutar código arbitrari... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-1695 – Ubuntu Security Notice USN-1890-2
https://notcve.org/view.php?id=CVE-2013-1695
26 Jun 2013 — Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element. Mozilla Firefox antes de v22.0 no implementea correctamente cierto comportamiento DocShell para el atributo sandbox de un elemento IFRAME, lo que permite a atacantes remotos burlar las restricciones de acceso a través de un elemento FRAME dentro de un ele... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1700
https://notcve.org/view.php?id=CVE-2013-1700
26 Jun 2013 — The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location. El Mozilla Maintenance Service en Mozilla Firefox anterior a 22.0 sobre Windows no maneja adecuadamente la incapacidad para ejecutar el archivo ejecutable "Mozilla Updater", lo que permite a usuarios locales elevar sus p... • http://www.mozilla.org/security/announce/2013/mfsa2013-62.html • CWE-264: Permissions, Privileges, and Access Controls •