CVSS: 9.3EPSS: 2%CPEs: 109EXPL: 0CVE-2013-1721
https://notcve.org/view.php?id=CVE-2013-1721
Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. El desbordamiento de enteros en la función drawLineLoop en la biblioteca libGLESv2 de Almost Native Graphics Layer Engine (ANGLE), tal como se utiliza en Mozilla Firefox anterior a 24.0 y SeaMonkey anterior a 2.21, permite a atacantes remotos ejecutar código de su elección a través de un sitio web manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html http://www.mozilla.org/security/announce/2013/mfsa2013-78.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 6%CPEs: 119EXPL: 0CVE-2013-1738
https://notcve.org/view.php?id=CVE-2013-1738
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. Vulnerabilidad de uso después de liberación en la función JS_GetGlobalForScopeChain de Mozilla Firefox anterior a version 24.0, Thunderbird anterior a 24.0 y SeaMonkey anterior a 2.21 permite a atacantes remotos a ejecutar códifgo arbitrario aprovechando una incorrecta recolección de basura (garbage collection) en situaciones relacionadas con compartimentos por defecto y restauración de de frame-chains • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 119EXPL: 0CVE-2013-1724
https://notcve.org/view.php?id=CVE-2013-1724
Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. Vulnerabilidad de uso despues de liberación en la función mozilla:dom::HTMLFormElement::IsDefaultSubmitElement en Mozilla Firefox (anteriores a 24.0), Thunderbird (anteriores a 24.0) y SeaMonkey (anteriores a 2.21) permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores que emplean un elemento SELECT destruído. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 2%CPEs: 137EXPL: 0CVE-2013-1730 – Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)
https://notcve.org/view.php?id=CVE-2013-1730
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Mozilla Firefox anteriores a v24.0, Firefox ESR 17.x anteriores a v17.0.9, Thunderbird anteriores a v24.0, Thunderbird ESR 17.x anteriores a 17.0.9, y SeaMonkey anteriores a v2.21 no manejan correctamente el movimiento de nodos con respaldo XBL entre documentos, lo cual permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (desajuste del compartimiento JavaScript, o fallo de aserción y salida de la aplicación) a través de un sitio web manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 17%CPEs: 137EXPL: 0CVE-2013-1732 – Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89)
https://notcve.org/view.php?id=CVE-2013-1732
Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. Desbordamiento de buffer en la función nsFloatmanager::GetFlowArea en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9) y SeaMonkey (anteriores a 2.21) permite a atacantes remotos ejecutar código arbitrario a través del uso manipulado de listas y flotantes dentro de un diseño multicolumna. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •