CVE-2013-1723
https://notcve.org/view.php?id=CVE-2013-1723
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. El "widget" NativeKey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0, and SeaMonkey anterior a 2.21 , procesa mensajes clave después de la destrucción de un listener de eventos ya distribuido, lo que permite a un atacante remoto ejecutar código arbitrario sacando provecho del uso incorrecto de eventos tras la reasignación de memoria del "widget" • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2013-1731
https://notcve.org/view.php?id=CVE-2013-1731
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory. Vulnerabilidad de búsqueda de ruta no confiable en la funcionalidad de traceo GL de Mozilla Firefox anterior a 24.0 sobre Android, permite a atacantes ejecutar codigo arbitrario a través de fichero troyano .so en directorio con permisos de escritura para todo usuario • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-87.html https://bugzilla.mozilla.org/show_bug.cgi?id=899702 • CWE-20: Improper Input Validation •
CVE-2013-1727 – Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass
https://notcve.org/view.php?id=CVE-2013-1727
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. Mozilla Firefox anterior a 24.0 en Android permite a atacantes evitar la Same Origin Policy, y por lo tanto realizar ataques de cross-site scripting (XSS) o obtener la contraseña o la información de las cookies, mediante el uso de un enlace simbólico en conjunción con un archivo: URL para un archivo local. Firefox for Android versions prior to 24 suffer from a same-origin bypass vulnerability via symbolic links. • https://www.exploit-db.com/exploits/38766 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-84.html https://bugzilla.mozilla.org/show_bug.cgi?id=782581 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-1729
https://notcve.org/view.php?id=CVE-2013-1729
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. La implementación WebGL en Mozilla Firefox (anteriores a 24.0), cuando se utilizan los drivers gráficos NVIDIA en Mac OS X, permite a atacantes remotos obtener capturas de pantalla del escritorio leyendo de un elemento CANVAS. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-86.html https://bugzilla.mozilla.org/show_bug.cgi?id=879656 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-1730 – Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)
https://notcve.org/view.php?id=CVE-2013-1730
Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Mozilla Firefox anteriores a v24.0, Firefox ESR 17.x anteriores a v17.0.9, Thunderbird anteriores a v24.0, Thunderbird ESR 17.x anteriores a 17.0.9, y SeaMonkey anteriores a v2.21 no manejan correctamente el movimiento de nodos con respaldo XBL entre documentos, lo cual permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (desajuste del compartimiento JavaScript, o fallo de aserción y salida de la aplicación) a través de un sitio web manipulado. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •