CVSS: 5.4EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1717 – Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)
https://notcve.org/view.php?id=CVE-2013-1717
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 no limitan adecuadamente el acceso local al sistema de archivos mediante applets Java, lo que permite a atacantes remotos asistidos por el usuario para leer archivos arbitrarios mediante el aprovechamiento de una descarga de una ruta fija o de otra ruta predecible. • http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-75.html http://www.securityfocus.com/bid/61896 https://bugzilla.mozilla.org/show_bug.cgi?id=406541 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18367 https://access.redhat.com/security/cve/CVE-2013-1717 https://bugzilla.redhat.com/show_bug.cgi?id=993605 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1713 – Mozilla: Wrong principal used for validating URI for some Javascript components (MFSA 2013-72)
https://notcve.org/view.php?id=CVE-2013-1713
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 utiliza un URI incorrecto dentro comparaciones no especificados durante la ejecución de la Same Origin Policy, lo que permite a atacantes remotos realizar ataques de cross-site scripting (XSS) o instalar complementos arbitrarios a través de un sitio web diseñado. • http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-72.html http://www.securityfocus.com/bid/61876 https://bugzilla.mozilla.org/show_bug.cgi?id=887098 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884 https://access.redhat.com/security/cve/CVE-2013-1713 https://bugzilla.redhat.com/show_bug.cgi?id=993603 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 31EXPL: 0CVE-2013-1706
https://notcve.org/view.php?id=CVE-2013-1706
Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line. Desbordamiento de búfer basado en pila en maintenanceservice.exe en el servicio Mozilla Maintenance en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v17.0.8, Thunderbird anterior a v17.0.8, y Thunderbird ESR v17.x anterior a v17.0.8 permite a usuarios locales conseguir privilegios a través de una larga ruta en la línea de comandos. • http://www.mozilla.org/security/announce/2013/mfsa2013-66.html https://bugzilla.mozilla.org/show_bug.cgi?id=888361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18930 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1709 – Mozilla: Document URI misrepresentation and masquerading (MFSA 2013-68)
https://notcve.org/view.php?id=CVE-2013-1709
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 no maneja adecuadamente la interacción entre los elementos FRAME y el historial, lo que permite a atacantes remotos realicen ataques de cross-site scripting (XSS) a través de vectores relacionados con la suplantación de una ubicación relativa en un documento previamente visitado. • http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-68.html http://www.securityfocus.com/bid/61867 https://bugzilla.mozilla.org/show_bug.cgi?id=848253 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18531 https://access.redhat.com/security/cve/CVE-2013-1709 https://bugzilla.redhat.com/show_bug.cgi?id=993600 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 8%CPEs: 27EXPL: 0CVE-2013-1686 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
https://notcve.org/view.php?id=CVE-2013-1686
Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de usar-despues-de-liberar en la función mozilla::ResetDir en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunderbird ESR v17.x anterior a v17.0.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediantes vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0981.html http:&# • CWE-399: Resource Management Errors •