CVSS: 6.1EPSS: 80%CPEs: 23EXPL: 3CVE-2013-1670 – Mozilla Firefox - toString console.time Privileged JavaScript Injection
https://notcve.org/view.php?id=CVE-2013-1670
16 May 2013 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a v21.0, Firefox ESR v17.... • https://packetstorm.news/files/id/127915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 10%CPEs: 23EXPL: 0CVE-2013-1675 – Mozilla Firefox Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-1675
16 May 2013 — Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 no ... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable CWE-665: Improper Initialization •
CVSS: 6.5EPSS: 1%CPEs: 138EXPL: 0CVE-2013-0794 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0794
03 Apr 2013 — Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. Mozilla Firefox anterior a v20.0 y SeaMonkey anterior a v2.17 no previene origen de suplantación en diálogos tabulados, lo que permite a atacantes remotos llevar ataques de phising a través de sitios web manipulados. Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0799 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0799
03 Apr 2013 — Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, and Thunderbird ESR 17.x before 17.0.5 on Windows allows local users to gain privileges via crafted arguments. Desbordamiento de búfer en Mozilla Maintenance Service en Mozilla Firefox anterior a v20.0, Firefox ESR v17.x anterior a v17.0.5, Thunderbird ESR v17.x antes de v17.0.5 en Windows permite que usuarios locales ganar privilegios a través de argumentos manipulad... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 153EXPL: 0CVE-2013-0793 – Mozilla: Cross-site scripting (XSS) using timed history navigations (MFSA 2013-38)
https://notcve.org/view.php?id=CVE-2013-0793
03 Apr 2013 — Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar during history navigation, which allows remote attackers to conduct cross-site scripting (XSS) attacks or phishing attacks by leveraging control over navigation timing. Mozilla Firefox antes de 20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de 17.0.5, Thunderbird ESR v17.x antes de v17.0.5 y SeaMonkey ... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 1%CPEs: 138EXPL: 0CVE-2013-0792 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0792
03 Apr 2013 — Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. Mozilla Firefox anterior a v20.0 y SeaMonkey antes de v2.17, cuando se utiliza gfx.color_management.enablev4, no tratan correctamente los perfiles de color durante el procesamiento PNG, que permi... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 6%CPEs: 180EXPL: 0CVE-2013-0790
https://notcve.org/view.php?id=CVE-2013-0790
03 Apr 2013 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox anterior a v20.0 en Android permite a atacantes remotos causar una denegación de servicios (corrupción de pila de memoria y caída de la aplicación) o posiblemente ejecut... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html •
CVSS: 10.0EPSS: 1%CPEs: 153EXPL: 0CVE-2013-0795 – Mozilla: Bypass of SOW protections allows cloning of protected nodes (MFSA 2013-36)
https://notcve.org/view.php?id=CVE-2013-0795
03 Apr 2013 — The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. El System Only Wrapper (SOW) implementado en la aplicación Mozilla Firefox antes de... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2013-0798
https://notcve.org/view.php?id=CVE-2013-0798
03 Apr 2013 — Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. Mozilla Firefox antes de v20.0 en Android usa permisos de escritura y lectura globales para el la carpeta de instalación app_tmp en el sistema de ficheros local, lo que permite a los atacantes modificar complementos a... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 153EXPL: 0CVE-2013-0797 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0797
03 Apr 2013 — Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory. Vulnerabilidad de path de búsqueda no confiable en Mozilla Updater en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes de v17.0.5, Thunderbird anterior v17.0.5, Thunderbird ESR v17.x anterior v17.0.... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html •