CVSS: 9.8EPSS: 2%CPEs: 19EXPL: 0CVE-2013-0745 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0745
09 Jan 2013 — The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. La clase AutoWrapperChanger en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v17.x anter... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2013-0746 – Mozilla: Compartment mismatch with quickstubs returned values (MFSA 2013-09)
https://notcve.org/view.php?id=CVE-2013-0746
09 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. Mozilla F... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 1CVE-2013-0747 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0747
09 Jan 2013 — The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. La función gPluginHandler.handleEvent en el maenjador de plugins en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x ante... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 1CVE-2013-0748 – Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)
https://notcve.org/view.php?id=CVE-2013-0748
09 Jan 2013 — The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. La implementación de en el motor de navegación en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 1CVE-2013-0752 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0752
09 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that have SVG content. Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y S... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 74%CPEs: 19EXPL: 3CVE-2013-0757 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0757
09 Jan 2013 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a v18.0, Firefox... • https://www.exploit-db.com/exploits/41683 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 87%CPEs: 30EXPL: 2CVE-2013-0758 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0758
09 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x a... • https://www.exploit-db.com/exploits/41683 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 1CVE-2013-0759 – Mozilla: URL spoofing in addressbar during page loads (MFSA 2013-04)
https://notcve.org/view.php?id=CVE-2013-0759
09 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 18EXPL: 0CVE-2013-0764 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0764
09 Jan 2013 — The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. La función nsSOCKSSocketInfo::ConnectToProxy en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 1CVE-2013-0768 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0768
09 Jan 2013 — Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. Desbordamiento de búfer basado en pila en la implementación Canvas en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a 17.0.2, Thunderbird anterior a v17.0.2, Thunderbir... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-787: Out-of-bounds Write •