CVSS: 6.2EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1726
https://notcve.org/view.php?id=CVE-2013-1726
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Mozilla Updater en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0.9) y SeaMOnkey (anteriores a 2.21) no asegura acceso exclusivo a un archivo MAR, lo que permite a usuarios locales obtener privilegios creando un archivo troyano despues de la verificación de firma MAR, pero antes del uso de MAR. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-83.html https://bugzilla.mozilla.org/show_bug.cgi?id=890853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 7%CPEs: 137EXPL: 0CVE-2013-1718 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76)
https://notcve.org/view.php?id=CVE-2013-1718
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación de Firefox anterior a 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunderbird anterior a 24.0, Thunderbird ESR 17.x anterior a 17.0.9 y SeaMonkey anterior a 2.21 permite a a atacantes remotos causar denegación de servicio (corrupción de memoria y caida de aplicación) o posible ejecución de código arbitrario a través de vectores desconocidos • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 137EXPL: 0CVE-2013-1722 – Mozilla: Use-after-free in Animation Manager during stylesheet cloning (MFSA 2013-79)
https://notcve.org/view.php?id=CVE-2013-1722
Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. Vulnerabilidad de uso después de liberación en la función nsAnimationManager::BuildAnimations en el Animation Manager de Mozilla Firefox anterior a la versión 17.0.9, Thunderbird anterior a 24.0, Thunderbird ESR 17.x anterior a 17.0.9, y SeaMonkey anterior a 2.21 permite a atacantes remotos ejecutar código arbitrario o causar una denegación del servicio (corrupción de memoria dinámica) a través de vectores relacionados con la clonación de estilos. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 6.8EPSS: 8%CPEs: 137EXPL: 0CVE-2013-1725 – Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)
https://notcve.org/view.php?id=CVE-2013-1725
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. Las versiones Mozilla Firefox, anterior a 24.0 Firefox EST anterior a 17.x , Thunderbird anterior a 24.0 , Thunderbird ESR anterior a 17.x y SeaMonkey anterior a 2.21 no garantiza la inicialización de objetos JavaScript con compartimentos, lo cual permite a atacantes remotos ejecutar código arbitrario aprovechando una incorrecta manipulación del ámbito • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1737 – Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)
https://notcve.org/view.php?id=CVE-2013-1737
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0.9) y SeaMonkey (anteriores a 2.21) no identifican apropiadamente el objeto "this" en proxies DOM durante el uso de métodos "getter" definidos por el usuario, lo que podría permitir a un atacante remoto evitar las restricciones de acceso a través de vectores que hacen uso del objeto "expando". • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-264: Permissions, Privileges, and Access Controls •