CVSS: 10.0EPSS: 8%CPEs: 23EXPL: 0CVE-2013-1681 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1681
Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsContentUtils::RemoveScriptBlocker en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 89%CPEs: 23EXPL: 2CVE-2013-1670 – Mozilla Firefox - toString console.time Privileged JavaScript Injection
https://notcve.org/view.php?id=CVE-2013-1670
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 no previene la adquisición de los privilegios de chrome durante las llamadas al contenido de los constructores, lo que permite a atacantes remotos eludir ciertas restricciones de solo lectura y llevar a cabo ataques de tipo XSS (cross-site-scripting) mediante un sitio web especialmente diseñado. • https://www.exploit-db.com/exploits/34363 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 9%CPEs: 23EXPL: 0CVE-2013-1676 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1676
The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función SelectionIterator::GetNextSegment en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio mediante vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 6%CPEs: 23EXPL: 0CVE-2013-1675 – Mozilla Firefox Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2013-1675
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 no inicializan estructuras de datos correctamente para las funciones nsDOMSVGZoomEvent::mPreviousScale y nsDOMSVGZoomEvent::mNewScale functions, lo que permite a atacantes remotos obtener información sensible desde la memoria de un proceso mediante un sitio web especialmente diseñado. Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-456: Missing Initialization of a Variable •
CVSS: 10.0EPSS: 8%CPEs: 23EXPL: 0CVE-2013-1679 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1679
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función mozilla::plugins::child::_geturlnotify en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-399: Resource Management Errors •