CVSS: 8.3EPSS: 1%CPEs: 13EXPL: 0CVE-2013-5598 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5598
29 Oct 2013 — PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. PDF.js en Mozilla Firefox anterior a la versión 25.0 y Firefox ESR.x anterior a 24.1 no maneja adecuadamente el anexo de un elemento IFRAME, lo que permite a atacantes remotos leer archivos arbitrarios o ejecutar ... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5603 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5603
29 Oct 2013 — Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. Vulnerabilidad de uso después de liberación en la función nsContentUtils::ContentIsHostIncludingDescendantOf de Mozilla Firefox anterior a la versión 25... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5597 – Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)
https://notcve.org/view.php?id=CVE-2013-5597
29 Oct 2013 — Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. Vulnerabilidad de uso después de liberación en la función nsDocLoader::doSt... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 11%CPEs: 149EXPL: 0CVE-2013-5600 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5600
29 Oct 2013 — Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. Vulnerabilidad de uso después de liberación en la función nsIOService::NewChannelFromURIWithProxyFlags de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 1... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 148EXPL: 0CVE-2013-5595 – Mozilla: Improperly initialized memory and overflows in some JavaScript functions (MFSA 2013-96)
https://notcve.org/view.php?id=CVE-2013-5595
29 Oct 2013 — The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. El motor JavaScript de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 17.x anterior a 17.0.10 y 24.x anterior a la versión 24.1, Thunderbird anterior a 24.1,... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 149EXPL: 0CVE-2013-5604 – Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95)
https://notcve.org/view.php?id=CVE-2013-5604
29 Oct 2013 — The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. La función txXPathNodeUtils::getBaseURI en el procesador de XSLT en Mozilla Fir... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5591 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5591
29 Oct 2013 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird anterior a la versión 24.1, y SeaMonkey anterior a 2.22 permite ... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5602 – Mozilla: Memory corruption in workers (MFSA 2013-101)
https://notcve.org/view.php?id=CVE-2013-5602
29 Oct 2013 — The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. La función Worker :: SetEventListener en la implementación Web workers de Mozilla Firefox antes de 25.0, Firefox ESR 17.x 24.x a... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5590 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.10) (MFSA 2013-93)
https://notcve.org/view.php?id=CVE-2013-5590
29 Oct 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a 25.0, Firefox ESR 17.x 24.x a... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 4.3EPSS: 0%CPEs: 129EXPL: 0CVE-2013-5593 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5593
29 Oct 2013 — The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. La implementación elemento SELECT en Mozilla Firefox anterior a 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird ante... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-20: Improper Input Validation •