CVSS: 9.3EPSS: 6%CPEs: 30EXPL: 3CVE-2013-0758 – Firefox 17.0.1 Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0758
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y 17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar código JavaScript de su elección con privilegios chrome utilizando una interacción inapropiada entre los objetos de plugin y elementos SVG. • https://www.exploit-db.com/exploits/41683 https://www.exploit-db.com/exploits/41684 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http:/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0762 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0762
Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función imgRequest::OnStopFrame en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicios (corrupción en la memoria dinámica) a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.securityfocus.com/bid&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 30EXPL: 0CVE-2013-0767 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0767
The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función sSVGPathElement::GetPathLengthScale en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar código arbitrio o causar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.securityfocus.com/bid&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 97%CPEs: 30EXPL: 1CVE-2013-0753 – Mozilla Firefox XMLSerializer Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0753
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content. Vulnerabilidad de uso después de la liberación en la implementación del serializeToStream en el componente XMLSerializer en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos ejecutar código arbitrario a través de un contenido web modificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XML serialization of the DOM. A certain method used during serialization is provided by the user and can be made to create a dangling pointer. • https://www.exploit-db.com/exploits/27940 http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 30EXPL: 3CVE-2013-0769 – Mozilla: Miscellaneous memory safety hazards (rv:10.0.12) (MFSA 2013-01)
https://notcve.org/view.php?id=CVE-2013-0769
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de búsqueda de Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.1, y SeaMonkey anterior a v2.15 permite ataques remotos que provocan una denegación de servicios (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores sin especificar. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://rhn.redhat.com/errata/RHSA-2013-0144.html http://rhn.redhat.com/errata/RHSA-2013-0145.html http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.palemoon.org/releasenot •