CVE-2014-1479 – Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)
https://notcve.org/view.php?id=CVE-2014-1479
The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involving XBL content scopes. La implementación System Only Wrapper (SOW) en Mozilla Firefox anterior a 27.0, Firefox ESR 24.x anterior a 24.3, Thunderbird anterior a 24.3 y SeaMonkey anterior a 2.24 no previene ciertas operaciones de clonado, lo que permite a atacantes remotos evadir restricciones sobre contenido XUL a través de vectores que involucran el alcance del contenido XBL. • http://download.novell.com/Download?buildid=VYQsgaFpQ2k http://download.novell.com/Download?buildid=Y2fux-JW1Qc http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127966.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129218.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00010.html http://lists •
CVE-2013-5615
https://notcve.org/view.php?id=CVE-2013-5615
The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors. La implementación de JavaScript en Mozilla Firefox anterior a 26.0, Firefox ESR 24.x anterior a 24.2, Thunderbird anterior a 24.2, y SeaMonkey anterior a 2.23 no hace cumplir adecuadamente ciertas restricciones de composición tipográfica en la generación de la matriz de elementos de tipo GetElementIC, lo cual tiene impacto no especificado y vectores de ataque remotos. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013 •
CVE-2013-5611
https://notcve.org/view.php?id=CVE-2013-5611
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Mozilla Firefox anterior a la versión 26.0 no elimina adecuadamente el doorhanger de la aplicación de instalación, lo que hace más sencillo para atancates remotos falsificar un sitio de instalación Web App mediante el control del tiempo de navegación por páginas. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00086.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00087.html http://lists.opensuse.org/opensuse-updates/2014-01/msg00002.html http: •
CVE-2013-6673
https://notcve.org/view.php?id=CVE-2013-6673
Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a valid certificate that is unacceptable to the user. Mozilla Firefox anterior a 26.0, Firefox ESR 24.x anterior a 24.2, Thunderbird anterior a 24.2, y SeaMonkey anterior a 2.23 no reconoce la eliminación de un certificado de confianza X.509, lo que facilita a atacantes que realicen un Man-in-the-middle suplantar servidores SSL en circunstancias especiales a través de un certificado que es inaceptable por el usuario. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013 • CWE-310: Cryptographic Issues •
CVE-2013-5609 – Mozilla: Miscellaneous memory safety hazards (rv:24.2) (MFSA 2013-104)
https://notcve.org/view.php?id=CVE-2013-5609
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox anterior a la versión 26.0, Firefox ESR 24.x anterior a 24.2, Thunderbird anterior a la versión 24.2, y SeaMonkey anterior a 2.23 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123437.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124108.html http://lists.fedoraproject.org/pipermail/package-announce/2013-December/124257.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125470.html http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00010.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00085.html http://lists.opensuse.org/opensuse-updates/2013 •