CVSS: 9.8EPSS: 5%CPEs: 172EXPL: 0CVE-2013-5607 – nspr: Avoid unsigned integer wrapping in PL_ArenaAllocate (MFSA 2013-103)
https://notcve.org/view.php?id=CVE-2013-5607
20 Nov 2013 — Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. Desbordamiento de enteros en la función de PL_ArenaAllocate en Mozilla Netscape Portable Runtime (NSPR... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 21EXPL: 0CVE-2013-6629 – libjpeg: information leak (read of uninitialized memory)
https://notcve.org/view.php?id=CVE-2013-6629
12 Nov 2013 — The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) libjpeg-turbo through 1.3.0, as used in Google Chrome before 31.0.1650.48, Ghostscript, and other products, does not check for certain duplications of component data during the reading of segments that follow Start Of Scan (SOS) JPEG markers, which allows remote attackers to obtain sensitive information from uninitialized memory locations via a crafted JPEG image. La función get_sos de jdmarker.c en libjpeg 6b y libjpeg-turbo hasta la versión 1.3.... • http://advisories.mageia.org/MGASA-2013-0333.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5599 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5599
29 Oct 2013 — Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 8%CPEs: 129EXPL: 0CVE-2013-5596 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5596
29 Oct 2013 — The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. La implementación del ciclo de recolección (CC) en Moz... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 149EXPL: 0CVE-2013-5601 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5601
29 Oct 2013 — Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. Vulnerabilidad de uso después de liberación en la función nsEventListenerManager::SetEventHandler de Mozilla Firefox an... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 8.3EPSS: 1%CPEs: 13EXPL: 0CVE-2013-5598 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5598
29 Oct 2013 — PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. PDF.js en Mozilla Firefox anterior a la versión 25.0 y Firefox ESR.x anterior a 24.1 no maneja adecuadamente el anexo de un elemento IFRAME, lo que permite a atacantes remotos leer archivos arbitrarios o ejecutar ... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5603 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5603
29 Oct 2013 — Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. Vulnerabilidad de uso después de liberación en la función nsContentUtils::ContentIsHostIncludingDescendantOf de Mozilla Firefox anterior a la versión 25... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5597 – Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)
https://notcve.org/view.php?id=CVE-2013-5597
29 Oct 2013 — Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. Vulnerabilidad de uso después de liberación en la función nsDocLoader::doSt... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 11%CPEs: 149EXPL: 0CVE-2013-5600 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5600
29 Oct 2013 — Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. Vulnerabilidad de uso después de liberación en la función nsIOService::NewChannelFromURIWithProxyFlags de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 1... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 148EXPL: 0CVE-2013-5595 – Mozilla: Improperly initialized memory and overflows in some JavaScript functions (MFSA 2013-96)
https://notcve.org/view.php?id=CVE-2013-5595
29 Oct 2013 — The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. El motor JavaScript de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 17.x anterior a 17.0.10 y 24.x anterior a la versión 24.1, Thunderbird anterior a 24.1,... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •