CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1731
https://notcve.org/view.php?id=CVE-2013-1731
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory. Vulnerabilidad de búsqueda de ruta no confiable en la funcionalidad de traceo GL de Mozilla Firefox anterior a 24.0 sobre Android, permite a atacantes ejecutar codigo arbitrario a través de fichero troyano .so en directorio con permisos de escritura para todo usuario • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-87.html https://bugzilla.mozilla.org/show_bug.cgi?id=899702 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 3%CPEs: 119EXPL: 0CVE-2013-1723
https://notcve.org/view.php?id=CVE-2013-1723
The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after widget-memory reallocation. El "widget" NativeKey en Mozilla Firefox anterior a 24.0, Thunderbird anterior a 24.0, and SeaMonkey anterior a 2.21 , procesa mensajes clave después de la destrucción de un listener de eventos ya distribuido, lo que permite a un atacante remoto ejecutar código arbitrario sacando provecho del uso incorrecto de eventos tras la reasignación de memoria del "widget" • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 0%CPEs: 10EXPL: 0CVE-2013-1729
https://notcve.org/view.php?id=CVE-2013-1729
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. La implementación WebGL en Mozilla Firefox (anteriores a 24.0), cuando se utilizan los drivers gráficos NVIDIA en Mac OS X, permite a atacantes remotos obtener capturas de pantalla del escritorio leyendo de un elemento CANVAS. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-86.html https://bugzilla.mozilla.org/show_bug.cgi?id=879656 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 1CVE-2013-1727 – Mozilla Firefox 9.0.1 - Same Origin Policy Security Bypass
https://notcve.org/view.php?id=CVE-2013-1727
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. Mozilla Firefox anterior a 24.0 en Android permite a atacantes evitar la Same Origin Policy, y por lo tanto realizar ataques de cross-site scripting (XSS) o obtener la contraseña o la información de las cookies, mediante el uso de un enlace simbólico en conjunción con un archivo: URL para un archivo local. Firefox for Android versions prior to 24 suffer from a same-origin bypass vulnerability via symbolic links. • https://www.exploit-db.com/exploits/38766 http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://www.mozilla.org/security/announce/2013/mfsa2013-84.html https://bugzilla.mozilla.org/show_bug.cgi?id=782581 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 137EXPL: 0CVE-2013-1718 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76)
https://notcve.org/view.php?id=CVE-2013-1718
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación de Firefox anterior a 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunderbird anterior a 24.0, Thunderbird ESR 17.x anterior a 17.0.9 y SeaMonkey anterior a 2.21 permite a a atacantes remotos causar denegación de servicio (corrupción de memoria y caida de aplicación) o posible ejecución de código arbitrario a través de vectores desconocidos • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •