CVSS: 9.3EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0750 – Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0750
13 Jan 2013 — Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. Desbordamiento de búfer en la implementación de JavaScript en el componente XMLSerializer en Mozilla Fi... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 87%CPEs: 30EXPL: 2CVE-2013-0753 – Mozilla Firefox XMLSerializer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0753
13 Jan 2013 — Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. Vulnerabilidad de uso después de la liberación en la implementación del serializeToStream en el componente XMLSerializer en Mozilla Fire... • https://packetstorm.news/files/id/123000 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0754 – Mozilla Firefox ListenerManager Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0754
13 Jan 2013 — Use-after-free vulnerability in the ListenerManager implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors involving the triggering of garbage collection after memory allocation for listener objects. Vulnerabilidad de uso después de la liberación en la implementación del ListenerManager e... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 87%CPEs: 30EXPL: 2CVE-2013-0758 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0758
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x a... • https://www.exploit-db.com/exploits/41683 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 1CVE-2013-0759 – Mozilla: URL spoofing in addressbar during page loads (MFSA 2013-04)
https://notcve.org/view.php?id=CVE-2013-0759
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2013-0762 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0762
13 Jan 2013 — Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función imgRequest::OnStopFrame en Mozilla Firefox anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2013-0763 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0763
13 Jan 2013 — Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. Vulnerabilidad de uso después de liberación en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.1, Thunderbird before v17.0.2, Thunderbird ESR... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2013-0766 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0766
13 Jan 2013 — Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación de la implementación ~nsHTMLEditRules en Mozilla Firefox anterior a v1... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0767 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0767
13 Jan 2013 — The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función sSVGPathElement::GetPathLengthScale en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anteri... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 3CVE-2013-0769 – Mozilla: Miscellaneous memory safety hazards (rv:10.0.12) (MFSA 2013-01)
https://notcve.org/view.php?id=CVE-2013-0769
13 Jan 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de búsqueda de Mozilla Firefox anterior a v18.0... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html •