CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5599 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5599
29 Oct 2013 — Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 8%CPEs: 129EXPL: 0CVE-2013-5596 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5596
29 Oct 2013 — The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. La implementación del ciclo de recolección (CC) en Moz... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 11%CPEs: 149EXPL: 0CVE-2013-5601 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5601
29 Oct 2013 — Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. Vulnerabilidad de uso después de liberación en la función nsEventListenerManager::SetEventHandler de Mozilla Firefox an... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5603 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5603
29 Oct 2013 — Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. Vulnerabilidad de uso después de liberación en la función nsContentUtils::ContentIsHostIncludingDescendantOf de Mozilla Firefox anterior a la versión 25... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5597 – Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)
https://notcve.org/view.php?id=CVE-2013-5597
29 Oct 2013 — Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. Vulnerabilidad de uso después de liberación en la función nsDocLoader::doSt... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 11%CPEs: 149EXPL: 0CVE-2013-5600 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5600
29 Oct 2013 — Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors involving a blob: URL. Vulnerabilidad de uso después de liberación en la función nsIOService::NewChannelFromURIWithProxyFlags de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 1... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 148EXPL: 0CVE-2013-5595 – Mozilla: Improperly initialized memory and overflows in some JavaScript functions (MFSA 2013-96)
https://notcve.org/view.php?id=CVE-2013-5595
29 Oct 2013 — The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct buffer overflow attacks via a crafted web page. El motor JavaScript de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 17.x anterior a 17.0.10 y 24.x anterior a la versión 24.1, Thunderbird anterior a 24.1,... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 149EXPL: 0CVE-2013-5604 – Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95)
https://notcve.org/view.php?id=CVE-2013-5604
29 Oct 2013 — The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. La función txXPathNodeUtils::getBaseURI en el procesador de XSLT en Mozilla Fir... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5591 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5591
29 Oct 2013 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird anterior a la versión 24.1, y SeaMonkey anterior a 2.22 permite ... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5602 – Mozilla: Memory corruption in workers (MFSA 2013-101)
https://notcve.org/view.php?id=CVE-2013-5602
29 Oct 2013 — The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. La función Worker :: SetEventListener en la implementación Web workers de Mozilla Firefox antes de 25.0, Firefox ESR 17.x 24.x a... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •