CVSS: 9.8EPSS: 11%CPEs: 27EXPL: 0CVE-2013-1694 – Mozilla: PreserveWrapper has inconsistent behavior (MFSA 2013-56)
https://notcve.org/view.php?id=CVE-2013-1694
25 Jun 2013 — The PreserveWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly handle the lack of a wrapper, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by leveraging unintended clearing of the wrapper cache's preserved-wrapper flag. La implementación PreserveWrapper en Mozilla Firefox antes de v22.0, Firefox ESR 17.x antes de v17.0.7, ... • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 37%CPEs: 34EXPL: 3CVE-2013-1690 – Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2013-1690
25 Jun 2013 — Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. Mozilla Firefox anterior a 22.0, Firefox ESR 17.x anterior a 17.0.7, Thunderbird anterior ... • https://packetstorm.news/files/id/122750 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 23EXPL: 0CVE-2013-1674 – Mozilla: Use-after-free with video and onresize event (MFSA 2013-46)
https://notcve.org/view.php?id=CVE-2013-1674
16 May 2013 — Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during the playing of a video. Vulnerabilidad de tipo "usar despues de liberar" en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecu... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 18%CPEs: 23EXPL: 0CVE-2013-1680 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1680
16 May 2013 — Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsFrameList::FirstChild en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 23EXPL: 0CVE-2013-1677 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1677
16 May 2013 — The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función gfxSkipCharsIterator::SetOffsets en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacant... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 27EXPL: 0CVE-2013-1672
https://notcve.org/view.php?id=CVE-2013-1672
16 May 2013 — The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions. El Mozilla Updater en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 en Windows permite a usuarios locales eludir la verificación de i... • http://www.mozilla.org/security/announce/2013/mfsa2013-44.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 11%CPEs: 23EXPL: 0CVE-2013-1676 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1676
16 May 2013 — The SelectionIterator::GetNextSegment function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función SelectionIterator::GetNextSegment en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a ataca... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 18%CPEs: 23EXPL: 0CVE-2013-1681 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1681
16 May 2013 — Use-after-free vulnerability in the nsContentUtils::RemoveScriptBlocker function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsContentUtils::RemoveScriptBlocker en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunde... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 13%CPEs: 23EXPL: 0CVE-2013-0801 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.6) (MFSA 2013-41)
https://notcve.org/view.php?id=CVE-2013-0801
16 May 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html •
CVSS: 10.0EPSS: 11%CPEs: 23EXPL: 0CVE-2013-1678 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1678
16 May 2013 — The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. La función _cairo_xlib_surface_add_glyph en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacante... • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •