CVSS: 9.3EPSS: 5%CPEs: 149EXPL: 0CVE-2013-5604 – Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95)
https://notcve.org/view.php?id=CVE-2013-5604
29 Oct 2013 — The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. La función txXPathNodeUtils::getBaseURI en el procesador de XSLT en Mozilla Fir... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5591 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5591
29 Oct 2013 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird anterior a la versión 24.1, y SeaMonkey anterior a 2.22 permite ... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5602 – Mozilla: Memory corruption in workers (MFSA 2013-101)
https://notcve.org/view.php?id=CVE-2013-5602
29 Oct 2013 — The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. La función Worker :: SetEventListener en la implementación Web workers de Mozilla Firefox antes de 25.0, Firefox ESR 17.x 24.x a... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5590 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.10) (MFSA 2013-93)
https://notcve.org/view.php?id=CVE-2013-5590
29 Oct 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a 25.0, Firefox ESR 17.x 24.x a... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 4.3EPSS: 0%CPEs: 129EXPL: 0CVE-2013-5593 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5593
29 Oct 2013 — The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. La implementación elemento SELECT en Mozilla Firefox anterior a 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird ante... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0CVE-2013-2566 – Gentoo Linux Security Advisory 201406-19
https://notcve.org/view.php?id=CVE-2013-2566
14 Mar 2013 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. El algoritmo RC4, tal como se usa en el protocolo TLS y protocolo SSL, tiene muchos "single-byte biases", lo que hace que sea más fácil para atacantes remotos realizar ataques de recuperación de texto claro a través de análisis estadístico... • http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html • CWE-326: Inadequate Encryption Strength •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3079 – Debian Security Advisory 3260-1
https://notcve.org/view.php?id=CVE-2011-3079
01 May 2012 — The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de a... • http://code.google.com/p/chromium/issues/detail?id=117627 • CWE-399: Resource Management Errors •