CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2013-1715
https://notcve.org/view.php?id=CVE-2013-1715
07 Aug 2013 — Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206. Múltiples vulnerabilidades de ruta de búsqueda no confiable en (1) el instalador completo y (2) el instalador parcial en Mozilla Firefox antes de v23.0 en Windows permite a los usuarios locales conseguir pr... • http://www.mozilla.org/security/announce/2013/mfsa2013-74.html •
CVSS: 7.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1712 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1712
07 Aug 2013 — Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. Múltiples vulnerabilidades de path de búsqueda inseguro en updater.exe en Mozilla Firefox anterior a v... • http://www.mozilla.org/security/announce/2013/mfsa2013-71.html •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2013-1707 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1707
07 Aug 2013 — Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line to the Mozilla Maintenance Service. Desbordamiento de búfer basado en pila en Mozilla Updater en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v17.0.8, Thunderbird anterior a v17.0.8, y Thunderbird ESR v17.x anterior a v17.0.8 permite a usu... • http://www.mozilla.org/security/announce/2013/mfsa2013-66.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 31EXPL: 0CVE-2013-1706
https://notcve.org/view.php?id=CVE-2013-1706
07 Aug 2013 — Stack-based buffer overflow in maintenanceservice.exe in the Mozilla Maintenance Service in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 allows local users to gain privileges via a long pathname on the command line. Desbordamiento de búfer basado en pila en maintenanceservice.exe en el servicio Mozilla Maintenance en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v17.0.8, Thunderbird anterior a v17.0.8, y Thund... • http://www.mozilla.org/security/announce/2013/mfsa2013-66.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 178EXPL: 0CVE-2013-1701 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.8) (MFSA 2013-63)
https://notcve.org/view.php?id=CVE-2013-1701
07 Aug 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v17.0.8, Thund... • http://www.debian.org/security/2013/dsa-2735 •
CVSS: 6.1EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1713 – Mozilla: Wrong principal used for validating URI for some Javascript components (MFSA 2013-72)
https://notcve.org/view.php?id=CVE-2013-1713
07 Aug 2013 — Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterio... • http://www.debian.org/security/2013/dsa-2735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1717 – Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)
https://notcve.org/view.php?id=CVE-2013-1717
07 Aug 2013 — Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y S... • http://www.debian.org/security/2013/dsa-2735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 2%CPEs: 154EXPL: 0CVE-2013-1704 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1704
07 Aug 2013 — Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event. Vulnerabilidad de uso después de liberación en la función nsINode::GetParentNode en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.2 permite a atacantes remotos ejecut... • http://www.mozilla.org/security/announce/2013/mfsa2013-64.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 8%CPEs: 154EXPL: 0CVE-2013-1702 – Ubuntu Security Notice USN-1924-1
https://notcve.org/view.php?id=CVE-2013-1702
07 Aug 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación... • http://www.mozilla.org/security/announce/2013/mfsa2013-63.html •
CVSS: 6.1EPSS: 0%CPEs: 154EXPL: 0CVE-2013-1711 – Ubuntu Security Notice USN-1924-2
https://notcve.org/view.php?id=CVE-2013-1711
07 Aug 2013 — The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. La implementación XrayWrapper en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 no responde adecuadamente a la posibilidad de una derivación en el á... • http://www.mozilla.org/security/announce/2013/mfsa2013-70.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •