CVSS: 6.1EPSS: 1%CPEs: 178EXPL: 0CVE-2013-1714 – Mozilla: Same-origin bypass with web workers and XMLHttpRequest (MFSA 2013-73)
https://notcve.org/view.php?id=CVE-2013-1714
07 Aug 2013 — The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. La implementación Web Workers en Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thund... • http://www.debian.org/security/2013/dsa-2735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 178EXPL: 0CVE-2013-1717 – Mozilla: Local Java applets may read contents of local file system (MFSA 2013-75)
https://notcve.org/view.php?id=CVE-2013-1717
07 Aug 2013 — Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. Mozilla Firefox anterior a v23.0, Firefox ESR v17.x anterior a v 17.0.8, Thunderbird anterior a v 17.0.8, Thunderbird ESR v17.x anterior a v 17.0.8, y S... • http://www.debian.org/security/2013/dsa-2735 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 27EXPL: 0CVE-2013-1682 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.7) (MFSA 2013-49)
https://notcve.org/view.php?id=CVE-2013-1682
25 Jun 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación de Mozilla Firefox v22.0, Firefox ESR v17.x antes de v17.0.7, thunderbird anterior a v17.0.7 que permite... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1684 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
https://notcve.org/view.php?id=CVE-2013-1684
25 Jun 2013 — Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. Vulnerabilidad de usar-despues-de-liberar en la función mozilla::dom::HTMLMediaElement::LookupMediaElementURITable en Mozilla Firefox anterior a v22.0... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1685 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
https://notcve.org/view.php?id=CVE-2013-1685
25 Jun 2013 — Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. Vulnerabilidad de usar-despues-de-liberar en la función nsIDocument::GetRootElement en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 27EXPL: 0CVE-2013-1686 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
https://notcve.org/view.php?id=CVE-2013-1686
25 Jun 2013 — Use-after-free vulnerability in the mozilla::ResetDir function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de usar-despues-de-liberar en la función mozilla::ResetDir en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunder... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 27EXPL: 0CVE-2013-1687 – Mozilla: Privileged content access and execution via XBL (MFSA 2013-51)
https://notcve.org/view.php?id=CVE-2013-1687
25 Jun 2013 — The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. Las implementaciones System Only Wrapper (SOW) y Chrome Object Wrapper (COW) en Mozilla F... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 45%CPEs: 34EXPL: 3CVE-2013-1690 – Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-1690
25 Jun 2013 — Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. Mozilla Firefox anterior a 22.0, Firefox ESR 17.x anterior a 17.0.7, Thunderbird anterior ... • https://packetstorm.news/files/id/122750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1692 – Mozilla: Data in the body of XHR HEAD requests leads to CSRF attacks (MFSA 2013-54)
https://notcve.org/view.php?id=CVE-2013-1692
25 Jun 2013 — Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunderbird ESR v17.x anterior a v17.0.7 no impiden la inclusión de datos del cuer... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1693 – Mozilla: SVG filters can lead to information disclosure (MFSA 2013-55)
https://notcve.org/view.php?id=CVE-2013-1693
25 Jun 2013 — The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. La implementacion del filtro SVG en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunderbird ESR 17.x ... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •