CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 1CVE-2013-0747 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0747
13 Jan 2013 — The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. La función gPluginHandler.handleEvent en el maenjador de plugins en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x ante... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 1CVE-2013-0748 – Mozilla: Address space layout leaked in XBL objects (MFSA 2013-11)
https://notcve.org/view.php?id=CVE-2013-0748
13 Jan 2013 — The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. La implementación de en el motor de navegación en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 2CVE-2013-0749 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0749
13 Jan 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x an... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html •
CVSS: 9.3EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0750 – Mozilla Firefox String Replacement Heap Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0750
13 Jan 2013 — Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted string concatenation, leading to improper memory allocation and a heap-based buffer overflow. Desbordamiento de búfer en la implementación de JavaScript en el componente XMLSerializer en Mozilla Fi... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 2%CPEs: 28EXPL: 1CVE-2012-4201 – Mozilla: evalInSanbox location context incorrectly applied (MFSA 2012-93)
https://notcve.org/view.php?id=CVE-2012-4201
21 Nov 2012 — The evalInSandbox implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 uses an incorrect context during the handling of JavaScript code that sets the location.href property, which allows remote attackers to conduct cross-site scripting (XSS) attacks or read arbitrary files by leveraging a sandboxed add-on. La implementación evalInSandbox en Mozilla Firefox antes de v17.0, v10.x Firefox ESR ante... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 6%CPEs: 26EXPL: 0CVE-2012-4202 – Mozilla: Buffer overflow while rendering GIF images (MFSA 2012-92)
https://notcve.org/view.php?id=CVE-2012-4202
21 Nov 2012 — Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función image::RasterImage::DrawFrameTo en Mozilla Firefox antes de v17.0, Firefox ESR v10.x antes de v10.0.11, Thunderbird antes de v17.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 1%CPEs: 28EXPL: 1CVE-2012-4207 – Mozilla: Improper character decoding in HZ-GB-2312 charset (MFSA 2012-101)
https://notcve.org/view.php?id=CVE-2012-4207
21 Nov 2012 — The HZ-GB-2312 character-set implementation in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly handle a ~ (tilde) character in proximity to a chunk delimiter, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. La implementación del juego de caracteres HZ-GB-2312 en Mozilla Firefox anterior a v17.0, Firefox ESR v10.x anterior a v10.0.11, Thun... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 2%CPEs: 26EXPL: 0CVE-2012-4209 – Mozilla: Frames can shadow top.location (MFSA 2012-103)
https://notcve.org/view.php?id=CVE-2012-4209
21 Nov 2012 — Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. Mozilla Firefox anterior a v17.0, Firefox ESR v10.x anterior a v10.0.11, Thunderbird anterior a v17.0, Thunderbird ESR v10.x anterior a v10.0.11... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 19EXPL: 1CVE-2012-4213
https://notcve.org/view.php?id=CVE-2012-4213
21 Nov 2012 — Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función nsEditor::FindNextLeafNode en Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0, y SeaMonkey antes de 2.14 permite a atacantes remotos ejecutar código arbitrario o causar una denega... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 1CVE-2012-4214 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-4214
21 Nov 2012 — Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. Uso después de liberación en la función sTextEditorState::PrepareEditor en Mozilla Firefox antes de 17.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •