Page 24 of 691 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 154EXPL: 0

CVE-2013-1708

https://notcve.org/view.php?id=CVE-2013-1708

Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function. Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo WAV manipulado que no es manejado correctamente por la función nsCString::CharAt. • http://www.mozilla.org/security/announce/2013/mfsa2013-67.html https://bugzilla.mozilla.org/show_bug.cgi?id=879924 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18803 •

CVSS: 4.3EPSS: 0%CPEs: 154EXPL: 0

CVE-2013-1711

https://notcve.org/view.php?id=CVE-2013-1711

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging access to an unprivileged object. La implementación XrayWrapper en Mozilla Firefox anterior a v23.0 y SeaMonkey anterior a v2.20 no responde adecuadamente a la posibilidad de una derivación en el ámbito XBL resultante de argumentos no nativos en las llamadas a funciones XBL, lo que hace que sea más fácil para los atacantes remotos realizar ataques de cross-site scripting (XSS), aprovechando el acceso a un objeto sin privilegios. • http://www.mozilla.org/security/announce/2013/mfsa2013-70.html https://bugzilla.mozilla.org/show_bug.cgi?id=843829 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18830 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 178EXPL: 0

CVE-2013-1713 – Mozilla: Wrong principal used for validating URI for some Javascript components (MFSA 2013-72)

https://notcve.org/view.php?id=CVE-2013-1713

Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 utiliza un URI incorrecto dentro comparaciones no especificados durante la ejecución de la Same Origin Policy, lo que permite a atacantes remotos realizar ataques de cross-site scripting (XSS) o instalar complementos arbitrarios a través de un sitio web diseñado. • http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-72.html http://www.securityfocus.com/bid/61876 https://bugzilla.mozilla.org/show_bug.cgi?id=887098 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18884 https://access.redhat.com/security/cve/CVE-2013-1713 https://bugzilla.redhat.com/show_bug.cgi?id=993603 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0EPSS: 92%CPEs: 178EXPL: 3

CVE-2013-1710 – Firefox toString console.time Privileged Javascript Injection

https://notcve.org/view.php?id=CVE-2013-1710

The crypto.generateCRMFRequest function in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 allows remote attackers to execute arbitrary JavaScript code or conduct cross-site scripting (XSS) attacks via vectors related to Certificate Request Message Format (CRMF) request generation. La función crypto.generateCRMFRequest en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 permite a atacantes remotos ejecutar código JavaScript arbitrario o realizar ataques de cross-site scripting (XSS) a través de vectores relacionados con una solicitud de Certificate Request Message Format (CRMF). On versions of Firefox from 5.0 to 15.0.1, the InstallTrigger global, when given invalid input, would throw an exception that did not have an __exposedProps__ property set. By re-setting this property on the exception object's prototype, the chrome-based defineProperty method is made available. With the defineProperty method, functions belonging to window and document can be overriden with a function that gets called from chrome-privileged context. • https://www.exploit-db.com/exploits/30474 http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-69.html http://www.securityfocus.com/bid/61900 https://bugzilla.mozilla.org/show_bug.cgi?id=871368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18773 https://access.redhat.com/security/cve/CVE-2013-1710 https://bugzilla.redhat.com/show_bug.cgi?id= • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 6%CPEs: 19EXPL: 0

CVE-2013-0791 – Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)

https://notcve.org/view.php?id=CVE-2013-0791

The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. La función CERT_DecodeCertPackage en Mozilla Network Security Services (NSS), tal como se utiliza en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes de v17.0.5, SeaMonkey antes de v2.17, y otros productos, permite a atacantes remotos provocar una denegación de servicio (fuera del terreno de juego y lectura de corrupción de memoria) a través de un certificado manipulado. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://rhn.redhat.com/errata/RHSA-2013-1135.html http://rhn.redhat.com/errata/RHSA-2013-1144.html http://www.mozilla.org/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •