CVSS: 9.8EPSS: 6%CPEs: 24EXPL: 0CVE-2012-6075 – qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled
https://notcve.org/view.php?id=CVE-2012-6075
13 Feb 2013 — Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet. Desbordamiento de buffer en la función e1000_receive del controlador de dispositivo e1000 (hw/e1000.c) en QEMU v1.3.0-rc2 y otras versiones, cuando las banderas de PAS y LPE están deshabilitadas, permiten ataques re... • http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
08 Feb 2013 — The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 1CVE-2013-0759 – Mozilla: URL spoofing in addressbar during page loads (MFSA 2013-04)
https://notcve.org/view.php?id=CVE-2013-0759
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 87%CPEs: 30EXPL: 2CVE-2013-0753 – Mozilla Firefox XMLSerializer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0753
13 Jan 2013 — Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. Vulnerabilidad de uso después de la liberación en la implementación del serializeToStream en el componente XMLSerializer en Mozilla Fire... • https://packetstorm.news/files/id/123000 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 3CVE-2013-0769 – Mozilla: Miscellaneous memory safety hazards (rv:10.0.12) (MFSA 2013-01)
https://notcve.org/view.php?id=CVE-2013-0769
13 Jan 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de búsqueda de Mozilla Firefox anterior a v18.0... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2013-0763 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0763
13 Jan 2013 — Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. Vulnerabilidad de uso después de liberación en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.1, Thunderbird before v17.0.2, Thunderbird ESR... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2013-0766 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0766
13 Jan 2013 — Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación de la implementación ~nsHTMLEditRules en Mozilla Firefox anterior a v1... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0767 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0767
13 Jan 2013 — The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función sSVGPathElement::GetPathLengthScale en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anteri... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 87%CPEs: 30EXPL: 2CVE-2013-0758 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0758
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x a... • https://www.exploit-db.com/exploits/41683 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0754 – Mozilla Firefox ListenerManager Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0754
13 Jan 2013 — Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. Vulnerabilidad de uso después de la liberación en la implementación del ListenerManager e... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •