CVSS: 10.0EPSS: 6%CPEs: 149EXPL: 0CVE-2013-5602 – Mozilla: Memory corruption in workers (MFSA 2013-101)
https://notcve.org/view.php?id=CVE-2013-5602
The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. La función Worker :: SetEventListener en la implementación Web workers de Mozilla Firefox antes de 25.0, Firefox ESR 17.x 24.x antes de 17.0.10 y 24.x antes de 24.1, Thunderbird anterior a 24.1, Thunderbird ESR 17.x anterior a 17.0.10, y SeaMonkey anterior a 2.22 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores relacionados con proxies directos. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html http://rhn.redhat.com/errata/RHSA-2013-1476.html http://rhn.redhat.com/errata/RHSA-2013-1480.html http://www.debian.org/security/2013/dsa-2788 http://www.debian.org/security/2013/dsa-2797 http://www.mozilla.org/security/announce/2013/mfsa2013-101.html https:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 4%CPEs: 149EXPL: 0CVE-2013-5604 – Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95)
https://notcve.org/view.php?id=CVE-2013-5604
The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. La función txXPathNodeUtils::getBaseURI en el procesador de XSLT en Mozilla Firefox anterior a 25.0, Firefox ESR 17.x anterior a 17.0.10 y 24.x anterior a 24.1, Thunderbird anterior a 24.1 Thunderbird ESR 17.x anterior a 17.0.10, y SeaMonkey anterior a 2.22 no inicializan correctamente los datos, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (desbordamiento de búfer basado en pila y caída de aplicación) a través de los documentos manipulados. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00014.html http://rhn.redhat.com/errata/RHSA-2013-1476.html http://rhn.redhat.com/errata/RHSA-2013-1480.html http://www.debian.org/security/2013/dsa-2788 http://www.debian.org/security/2013/dsa-2797 http://www.mozilla.org/security/announce/2013/mfsa2013-95.html https:&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1726
https://notcve.org/view.php?id=CVE-2013-1726
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Mozilla Updater en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0.9) y SeaMOnkey (anteriores a 2.21) no asegura acceso exclusivo a un archivo MAR, lo que permite a usuarios locales obtener privilegios creando un archivo troyano despues de la verificación de firma MAR, pero antes del uso de MAR. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-83.html https://bugzilla.mozilla.org/show_bug.cgi?id=890853 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18821 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 3%CPEs: 119EXPL: 0CVE-2013-1723
https://notcve.org/view.php?id=CVE-2013-1723
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. El "widget" NativeKey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0, and SeaMonkey anterior a 2.21 , procesa mensajes clave después de la destrucción de un listener de eventos ya distribuido, lo que permite a un atacante remoto ejecutar código arbitrario sacando provecho del uso incorrecto de eventos tras la reasignación de memoria del "widget" • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 119EXPL: 0CVE-2013-1719
https://notcve.org/view.php?id=CVE-2013-1719
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v24.0, Thunderbird anterior a v24.0, y SeaMonkey anterior a v2.21 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente la ejecución de código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •