CVSS: 10.0EPSS: 8%CPEs: 23EXPL: 0CVE-2013-1680 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1680
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsFrameList::FirstChild en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 23EXPL: 0CVE-2013-1678 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1678
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. La función _cairo_xlib_surface_add_glyph en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (operación de escritura inválida) mediante vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 23EXPL: 0CVE-2013-0801 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.6) (MFSA 2013-41)
https://notcve.org/view.php?id=CVE-2013-0801
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x •
CVSS: 10.0EPSS: 8%CPEs: 23EXPL: 0CVE-2013-1681 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1681
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsContentUtils::RemoveScriptBlocker en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 89%CPEs: 23EXPL: 2CVE-2013-1670 – Mozilla Firefox - toString console.time Privileged JavaScript Injection
https://notcve.org/view.php?id=CVE-2013-1670
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 no previene la adquisición de los privilegios de chrome durante las llamadas al contenido de los constructores, lo que permite a atacantes remotos eludir ciertas restricciones de solo lectura y llevar a cabo ataques de tipo XSS (cross-site-scripting) mediante un sitio web especialmente diseñado. • https://www.exploit-db.com/exploits/34363 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •