Page 19 of 686 results (0.005 seconds)

CVSS: 5.1EPSS: 1%CPEs: 148EXPL: 0

CVE-2013-5595 – Mozilla: Improperly initialized memory and overflows in some JavaScript functions (MFSA 2013-96)

https://notcve.org/view.php?id=CVE-2013-5595

The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. El motor JavaScript de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 17.x anterior a 17.0.10 y 24.x anterior a la versión 24.1, Thunderbird anterior a 24.1, Thunderbird ESR 17.x anterior a la versión 17.0.10, y SeaMonkey anterior a 2.22 no asigna correctamente la memoria para funciones sin especificar, lo que permite a atacantes remotos llevar a cabo ataques de desbordamiento de buffer a través de páginas web manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html http://rhn.redhat.com/errata/RHSA-2013-1476.html http://rhn.redhat.com/errata/RHSA-2013-1480.html http://www.debian.org/security/2013/dsa-2788 http://www.debian.org/security/2013/dsa-2797 http://www.mozilla.org/security/announce/2013/mfsa2013-96.html http: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0

CVE-2013-5590 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.10) (MFSA 2013-93)

https://notcve.org/view.php?id=CVE-2013-5590

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a 25.0, Firefox ESR 17.x 24.x anterior a 17.0.10 y 24.x anterior a 24.1, Thunderbird anterior a 24.1 Thunderbird ESR 17.x anterior a 17.0.10, y SeaMonkey anterior a 2.22 permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html http://rhn.redhat.com/errata/RHSA-2013-1476.html http://rhn.redhat.com/errata/RHSA-2013-1480.html http://www.debian.org/security/2013/dsa-2788 http://www.debian.org/security/2013/dsa-2797 http://www.mozilla.org/security/announce/2013/mfsa2013-93.html https:&#x •

CVSS: 4.3EPSS: 3%CPEs: 119EXPL: 0

CVE-2013-1723

https://notcve.org/view.php?id=CVE-2013-1723

The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. El "widget" NativeKey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0, and SeaMonkey anterior a 2.21 , procesa mensajes clave después de la destrucción de un listener de eventos ya distribuido, lo que permite a un atacante remoto ejecutar código arbitrario sacando provecho del uso incorrecto de eventos tras la reasignación de memoria del "widget" • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.2EPSS: 0%CPEs: 137EXPL: 0

CVE-2013-1726

https://notcve.org/view.php?id=CVE-2013-1726

Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Mozilla Updater en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0.9) y SeaMOnkey (anteriores a 2.21) no asegura acceso exclusivo a un archivo MAR, lo que permite a usuarios locales obtener privilegios creando un archivo troyano despues de la verificación de firma MAR, pero antes del uso de MAR. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-83.html https://bugzilla.mozilla.org/show_bug.cgi?id=890853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 7%CPEs: 137EXPL: 0

CVE-2013-1718 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76)

https://notcve.org/view.php?id=CVE-2013-1718

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación de Firefox anterior a 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunderbird anterior a 24.0, Thunderbird ESR 17.x anterior a 17.0.9 y SeaMonkey anterior a 2.21 permite a a atacantes remotos causar denegación de servicio (corrupción de memoria y caida de aplicación) o posible ejecución de código arbitrario a través de vectores desconocidos • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •