Page 310 of 2282 results (0.063 seconds)

CVSS: 9.3EPSS: 4%CPEs: 137EXPL: 0

Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. Vulnerabilidad de uso después de liberación en la función nsAnimationManager::BuildAnimations en el Animation Manager de Mozilla Firefox anterior a la versión 17.0.9, Thunderbird anterior a 24.0, Thunderbird ESR 17.x anterior a 17.0.9, y SeaMonkey anterior a 2.21 permite a atacantes remotos ejecutar código arbitrario o causar una denegación del servicio (corrupción de memoria dinámica) a través de vectores relacionados con la clonación de estilos. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg0005 • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 6.8EPSS: 4%CPEs: 119EXPL: 0

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer over-read) by triggering use of this stack in its empty state. La función nsHtml5TreeBuilder::resetTheInsertionMode en el HTML5 Tree Builder de Mozilla Firefox (anteriores a 24.0), Thunderbird (anteriores a 24.0) y SeaMonkey (anteriores a 2.21) no mantiene apropiadamente el estado de pila del modo de inserción para elementos de plantilla, lo que permite a un atacante remoto ejecutar código arbitrario o causar una denegación de servicio (sobrelectura de buffer en memoria dinámica) desencadenando el uso de esta pila en su estado vacío. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 7%CPEs: 119EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v24.0, Thunderbird anterior a v24.0, y SeaMonkey anterior a v2.21 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente la ejecución de código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 178EXPL: 0

The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. La implementación Web Workers en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y SeaMonkey anterior a v 2.20 no restringe adecuadamente las llamadas XMLHttpRequest, lo que permite a atacantes remotos evitar la Same Origin Policy y realizar ataques de cross-site scripting (XSS) a través de vectores no especificados. • http://www.debian.org/security/2013/dsa-2735 http://www.debian.org/security/2013/dsa-2746 http://www.mozilla.org/security/announce/2013/mfsa2013-73.html http://www.securityfocus.com/bid/61882 https://bugzilla.mozilla.org/show_bug.cgi?id=879787 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18002 https://access.redhat.com/security/cve/CVE-2013-1714 https://bugzilla.redhat.com/show_bug.cgi?id=993604 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 8EXPL: 0

Multiple untrusted search path vulnerabilities in the (1) full installer and (2) stub installer in Mozilla Firefox before 23.0 on Windows allow local users to gain privileges via a Trojan horse DLL in the default downloads directory. NOTE: this issue exists because of an incomplete fix for CVE-2012-4206. Múltiples vulnerabilidades de ruta de búsqueda no confiable en (1) el instalador completo y (2) el instalador parcial en Mozilla Firefox antes de v23.0 en Windows permite a los usuarios locales conseguir privilegios a través de un troyano DLL en el directorio predeterminado de descargas. NOTA: este problema existe debido a una corrección incompleta de CVE-2012-4206. • http://www.mozilla.org/security/announce/2013/mfsa2013-74.html https://bugzilla.mozilla.org/show_bug.cgi?id=883165 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18210 •