Page 324 of 2521 results (0.020 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2013-0798

https://notcve.org/view.php?id=CVE-2013-0798

Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. Mozilla Firefox antes de v20.0 en Android usa permisos de escritura y lectura globales para el la carpeta de instalación app_tmp en el sistema de ficheros local, lo que permite a los atacantes modificar complementos antes de la instalación a través del manejo del tiempo de ventana mientras el app_tmp es usado. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://www.mozilla.org/security/announce/2013/mfsa2013-33.html https://bugzilla.mozilla.org/show_bug.cgi?id=844832 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.8EPSS: 1%CPEs: 138EXPL: 0

CVE-2013-0794

https://notcve.org/view.php?id=CVE-2013-0794

Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. Mozilla Firefox anterior a v20.0 y SeaMonkey anterior a v2.17 no previene origen de suplantación en diálogos tabulados, lo que permite a atacantes remotos llevar ataques de phising a través de sitios web manipulados. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html http://www.mozilla.org/security/announce/2013/mfsa2013-37.html https://bugzilla.mozilla.org/show_bug.cgi?id=626775 https://oval.cisecur •

CVSS: 4.3EPSS: 1%CPEs: 138EXPL: 0

CVE-2013-0792

https://notcve.org/view.php?id=CVE-2013-0792

Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image. Mozilla Firefox anterior a v20.0 y SeaMonkey antes de v2.17, cuando se utiliza gfx.color_management.enablev4, no tratan correctamente los perfiles de color durante el procesamiento PNG, que permite a atacantes remotos obtener información sensible de la memoria del proceso o causar una denegación de servicio (corrupción de memoria) a través una escala de grises de la imagen PNG. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html http://www.mozilla.org/security/announce/2013/mfsa2013-39.html https://bugzilla.mozilla.org/show_bug.cgi?id=722831 https://oval.cisecur • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 6%CPEs: 180EXPL: 0

CVE-2013-0790

https://notcve.org/view.php?id=CVE-2013-0790

Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox anterior a v20.0 en Android permite a atacantes remotos causar una denegación de servicios (corrupción de pila de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores sin especificar que implica un complemento. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://www.mozilla.org/security/announce/2013/mfsa2013-30.html https://bugzilla.mozilla.org/show_bug.cgi?id=842687 •

CVSS: 6.8EPSS: 1%CPEs: 23EXPL: 0

CVE-2013-0800 – Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)

https://notcve.org/view.php?id=CVE-2013-0800

Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. Error de signo de entero en la función pixman_fill_sse2 en pixman-sse2.c en Pixman, distribuido con Cairo y utiliza Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x antes v17.0.5, SeaMonkey antes de v2.17, y otros productos, permite a atacantes remotos ejecutar código arbitrario a través de los valores manipulados que desencadenan intento de uso de un límite de caja (1) negativo o (2) tamaño de caja negativo, lo que lleva a una operación de escritura fuera de rango. • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00019.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00012.html http://rhn.redhat.com/errata/RHSA-2013-0696.html http://rhn.redhat.com/errata/RHSA-2013-0697.html http://www.debian.org/security&#x • CWE-787: Out-of-bounds Write •