CVSS: 10.0EPSS: 18%CPEs: 27EXPL: 0CVE-2013-1686 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
https://notcve.org/view.php?id=CVE-2013-1686
25 Jun 2013 — Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de usar-despues-de-liberar en la función mozilla::ResetDir en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunder... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 11%CPEs: 27EXPL: 0CVE-2013-1694 – Mozilla: PreserveWrapper has inconsistent behavior (MFSA 2013-56)
https://notcve.org/view.php?id=CVE-2013-1694
25 Jun 2013 — The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. La implementación PreserveWrapper en Mozilla Firefox antes de v22.0, Firefox ESR 17.x antes de v17.0.7, ... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 7%CPEs: 23EXPL: 0CVE-2013-1674 – Mozilla: Use-after-free with video and onresize event (MFSA 2013-46)
https://notcve.org/view.php?id=CVE-2013-1674
16 May 2013 — Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. Vulnerabilidad de tipo "usar despues de liberar" en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecu... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 18%CPEs: 23EXPL: 0CVE-2013-1680 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1680
16 May 2013 — Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsFrameList::FirstChild en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 23EXPL: 0CVE-2013-1677 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1677
16 May 2013 — The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función gfxSkipCharsIterator::SetOffsets en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1672
https://notcve.org/view.php?id=CVE-2013-1672
16 May 2013 — The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions. El Mozilla Updater en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 en Windows permite a usuarios locales eludir la verificación de i... • http://www.mozilla.org/security/announce/2013/mfsa2013-44.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 11%CPEs: 23EXPL: 0CVE-2013-1676 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1676
16 May 2013 — The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función SelectionIterator::GetNextSegment en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a ataca... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 8%CPEs: 5EXPL: 0CVE-2013-1669
https://notcve.org/view.php?id=CVE-2013-1669
16 May 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a v21.0 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario mediante vect... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2013-1671 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1671
16 May 2013 — Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site. Mozilla Firefox anterior a v21.0 no implementa correctamente el elemento INPUT, lo que permite a atacantes remotos obtener la ruta completo mediante un sitio web especialmente diseñado. Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. Versions less t... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 18%CPEs: 23EXPL: 0CVE-2013-1681 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1681
16 May 2013 — Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsContentUtils::RemoveScriptBlocker en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunde... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-399: Resource Management Errors •