CVSS: 7.8EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1726 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1726
18 Sep 2013 — Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. Mozilla Updater en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.0... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 9%CPEs: 137EXPL: 0CVE-2013-1725 – Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)
https://notcve.org/view.php?id=CVE-2013-1725
17 Sep 2013 — Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by leveraging incorrect scope handling. Las versiones Mozilla Firefox, anterior a 24.0 Firefox EST anterior a 17.x , Thunderbird anterior a 24.0 , Thunderbird ESR anterior a 17.x y SeaMonkey anterior a 2.21 no garantiza la in... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 6%CPEs: 137EXPL: 0CVE-2013-1735 – Mozilla: Memory corruption involving scrolling (MFSA 2013-90)
https://notcve.org/view.php?id=CVE-2013-1735
17 Sep 2013 — Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. Vulnerabilidad de uso después de liberación en la función mozilla::layout::ScrollbarActivity de Mozilla Firefox anterior a la versión 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunde... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 19%CPEs: 137EXPL: 0CVE-2013-1732 – Mozilla: Buffer overflow with multi-column, lists, and floats (MFSA 2013-89)
https://notcve.org/view.php?id=CVE-2013-1732
17 Sep 2013 — Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. Desbordamiento de buffer en la función nsFloatmanager::GetFlowArea en Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9) y SeaMonkey (anteriores a 2.21) permite... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 137EXPL: 0CVE-2013-1737 – Mozilla: User-defined properties on DOM proxies get the wrong "this" object (MFSA 2013-91)
https://notcve.org/view.php?id=CVE-2013-1737
17 Sep 2013 — Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. Mozilla Firefox (anteriores a 24.0), Firefox ESR 17.x (anteriores a 17.0.9), Thunderbird (anteriores a 24.0), Thunderbird ESR 17.x (anteriores a 17.... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 137EXPL: 0CVE-2013-1722 – Mozilla: Use-after-free in Animation Manager during stylesheet cloning (MFSA 2013-79)
https://notcve.org/view.php?id=CVE-2013-1722
17 Sep 2013 — Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. Vulnerabilidad de uso después de liberación en la función nsAnimationManager::BuildAnimations en el Animation... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 8.8EPSS: 2%CPEs: 137EXPL: 0CVE-2013-1730 – Mozilla: Compartment mismatch re-attaching XBL-backed nodes (MFSA 2013-88)
https://notcve.org/view.php?id=CVE-2013-1730
17 Sep 2013 — Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of service (JavaScript compartment mismatch, or assertion failure and application exit) via a crafted web site. Mozilla Firefox anteriores a v24.0, Firefox ESR 17.x anteriores a v17.0.9, Thunderbird anteriores a v24.0, ... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 137EXPL: 0CVE-2013-1718 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.9) (MFSA 2013-76)
https://notcve.org/view.php?id=CVE-2013-1718
17 Sep 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación de Firefox anterior a 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunderbird anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 10%CPEs: 137EXPL: 0CVE-2013-1736 – Mozilla: Memory corruption involving scrolling (MFSA 2013-90)
https://notcve.org/view.php?id=CVE-2013-1736
17 Sep 2013 — The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. La función nsGfxScrollFrameInner::IsLTR en Mozilla Firefox anterior a 24.0, Firefox ESR 17.x anterior a 17.0.9, Thunderbir... • http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1712 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-1712
07 Aug 2013 — Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Updater in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, and Thunderbird ESR 17.x before 17.0.8 on Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012 allow local users to gain privileges via a Trojan horse DLL in (1) the update directory or (2) the current working directory. Múltiples vulnerabilidades de path de búsqueda inseguro en updater.exe en Mozilla Firefox anterior a v... • http://www.mozilla.org/security/announce/2013/mfsa2013-71.html •