CVSS: 5.9EPSS: 93%CPEs: 34EXPL: 0CVE-2013-2566 – Gentoo Linux Security Advisory 201406-19
https://notcve.org/view.php?id=CVE-2013-2566
14 Mar 2013 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. El algoritmo RC4, tal como se usa en el protocolo TLS y protocolo SSL, tiene muchos "single-byte biases", lo que hace que sea más fácil para atacantes remotos realizar ataques de recuperación de texto claro a través de análisis estadístico... • http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html • CWE-326: Inadequate Encryption Strength •
CVSS: 9.3EPSS: 1%CPEs: 13EXPL: 0CVE-2013-0773 – Debian Security Advisory 2699-1
https://notcve.org/view.php?id=CVE-2013-0773
19 Feb 2013 — The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote attackers to obtain sensitive information from chrome objects or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. Las implementaciones de Chrome Object Wrapper (COW) y System ... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html •
CVSS: 9.1EPSS: 0%CPEs: 12EXPL: 1CVE-2013-0774 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0774
19 Feb 2013 — Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anterior a v17.0.3, Thunderbird ESR v17.x anterior a v17.0.3, y SeaMonkey anterior a v2.16 no previene la lectura de JavaScript desde el di... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html •
CVSS: 9.3EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0775 – Mozilla: Use-after-free in nsImageLoadingContent (MFSA 2013-26)
https://notcve.org/view.php?id=CVE-2013-0775
19 Feb 2013 — Use-after-free vulnerability in the nsImageLoadingContent::OnStopContainer function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code via crafted web script. Vulnerabilidad de uso de memoria después de libreación en la función nsImageLoadingContent::OnStopContainer en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anteri... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-416: Use After Free •
CVSS: 5.9EPSS: 0%CPEs: 22EXPL: 0CVE-2013-0776 – Mozilla: Phishing on HTTPS connection through malicious proxy (MFSA 2013-27)
https://notcve.org/view.php?id=CVE-2013-0776
19 Feb 2013 — Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script, as demonstrated by a phishing attack on an HTTPS site. Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thunderbird anterior a v17.0.3, Thunderbird ESR 17.x anterior a v17.0.3, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-295: Improper Certificate Validation •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 1CVE-2013-0777 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0777
19 Feb 2013 — Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de la liberación en la función nsDisplayBoxShadowOuter::Paint en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejec... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2013-0778 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0778
19 Feb 2013 — The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función ClusterIterator::NextCluster en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejecutar código arbitrio o causar una denegación de servicio (lectura fuera de límites) a trav... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 1CVE-2013-0779 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0779
19 Feb 2013 — The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función nsCodingStateMachine::NextState en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejecutar código arbitrio o causar una denegación de servicio (lectura fuera de límites) ... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 0CVE-2013-0780 – Mozilla: Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer (MFSA 2013-28)
https://notcve.org/view.php?id=CVE-2013-0780
19 Feb 2013 — Use-after-free vulnerability in the nsOverflowContinuationTracker::Finish function in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document that uses Cascading Style Sheets (CSS) -moz-column-* properties. Vulnerabilidad de uso después de la liberación en la función nsOverflowContinuationT... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2013-0781 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0781
19 Feb 2013 — Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsPrintEngine::CommonPrint en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejecutar código... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-416: Use After Free •