CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 1CVE-2013-0759 – Mozilla: URL spoofing in addressbar during page loads (MFSA 2013-04)
https://notcve.org/view.php?id=CVE-2013-0759
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 1CVE-2013-0755 – Mozilla Firefox mozVibrate Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0755
13 Jan 2013 — Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. Vulnerabilidad después de liberación en la implementación mozVibrate en la librería Vibrate en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.2, Thunderbird an... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 74%CPEs: 19EXPL: 3CVE-2013-0757 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0757
13 Jan 2013 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a v18.0, Firefox... • https://www.exploit-db.com/exploits/41683 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0746 – Mozilla: Compartment mismatch with quickstubs returned values (MFSA 2013-09)
https://notcve.org/view.php?id=CVE-2013-0746
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 do not properly implement quickstubs that use the jsval data type for their return values, which allows remote attackers to execute arbitrary code or cause a denial of service (compartment mismatch and application crash) via crafted JavaScript code that is not properly handled during garbage collection. Mozilla F... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html •
CVSS: 9.3EPSS: 0%CPEs: 19EXPL: 0CVE-2013-0756 – Mozilla Firefox obj_toSource Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0756
13 Jan 2013 — Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing JavaScript Proxy objects that are not properly handled during garbage collection. Vulnerabilidad en la gestión de recursos en la función obj_toSource en Mozilla Firefox anterior a v18.0, Firefox ESR 17.x anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.1EPSS: 13%CPEs: 5EXPL: 2CVE-2012-4528 – ModSecurity - 'POST' Security Bypass
https://notcve.org/view.php?id=CVE-2012-4528
28 Dec 2012 — The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data. El módulo mod_security2 antes de v2.7.0 para el Servidor HTTP Apache permite a atacantes remotos evitar las reglas y entregar datos POST de su elección a una aplicación PHP, a través de una solicitud multipart en la que una parte no válida precede a los datos elaborados. • https://www.exploit-db.com/exploits/37949 •
CVSS: 10.0EPSS: 3%CPEs: 88EXPL: 0CVE-2012-5144 – Gentoo Linux Security Advisory 201406-28
https://notcve.org/view.php?id=CVE-2012-5144
12 Dec 2012 — Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, do not properly perform AAC decoding, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via vectors related to "an off-by-one overwrite when switching to LTP profile from MAIN." Google Chrome antes 23.0.1271.97 no realiza correctamente la decodificación AAC, que permite a atacantes remotos provocar una denegación de servicio (corrupción de pila ... • http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 70EXPL: 0CVE-2012-5143 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5143
12 Dec 2012 — Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers. Desbordamiento de entero en Google Chrome antes v23.0.1271.97 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con buffers de imagen PPAPI. Multiple vulnerabilities have been reported in Chromium and V8, some of which may ... • http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 1%CPEs: 70EXPL: 0CVE-2012-5140 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5140
12 Dec 2012 — Use-after-free vulnerability in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the URL loader. Vulnerabilidad de uso después de liberación en Google Chrome antes de 23.0.1271.97 permite a atacantes remotos provocar una denegación de servicio o posiblemente tener un impacto no especificado a través de vectores relacionados con el gestor de URL. Multiple vulnerabilities have been reported in Chromium and V... • http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 70EXPL: 0CVE-2012-5141 – Gentoo Linux Security Advisory 201309-16
https://notcve.org/view.php?id=CVE-2012-5141
12 Dec 2012 — Google Chrome before 23.0.1271.97 does not properly restrict instantiation of the Chromoting client plug-in, which has unspecified impact and attack vectors. Google Chrome antes de 23.0.1271.97 no restringe correctamente creación de instancias del complemento cliente Chromoting, lo que tiene un impacto y vectores de ataque no especificados. Multiple vulnerabilities have been reported in Chromium and V8, some of which may allow execution of arbitrary code. Versions less than 29.0.1457.57 are affected. • http://googlechromereleases.blogspot.com/2012/12/stable-channel-update.html •