CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5602 – Mozilla: Memory corruption in workers (MFSA 2013-101)
https://notcve.org/view.php?id=CVE-2013-5602
29 Oct 2013 — The Worker::SetEventListener function in the Web workers implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to direct proxies. La función Worker :: SetEventListener en la implementación Web workers de Mozilla Firefox antes de 25.0, Firefox ESR 17.x 24.x a... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 129EXPL: 0CVE-2013-5593 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5593
29 Oct 2013 — The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct clickjacking attacks via vectors that trigger navigation off of a page containing this element. La implementación elemento SELECT en Mozilla Firefox anterior a 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird ante... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 8%CPEs: 129EXPL: 0CVE-2013-5596 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5596
29 Oct 2013 — The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial of service (race condition and application crash) via a large HTML document containing IMG elements, as demonstrated by the Never-Ending Reddit on reddit.com. La implementación del ciclo de recolección (CC) en Moz... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5599 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5599
29 Oct 2013 — Use-after-free vulnerability in the nsIPresShell::GetPresContext function in the PresShell (aka presentation shell) implementation in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a CANVAS element, a mozTextStyle attribute, and an onresize... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5603 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5603
29 Oct 2013 — Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving HTML document templates. Vulnerabilidad de uso después de liberación en la función nsContentUtils::ContentIsHostIncludingDescendantOf de Mozilla Firefox anterior a la versión 25... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 7%CPEs: 129EXPL: 0CVE-2013-5591 – Ubuntu Security Notice USN-2009-1
https://notcve.org/view.php?id=CVE-2013-5591
29 Oct 2013 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor de Mozilla Firefox anterior a la versión 25.0, Firefox ESR 24.x anterior a 24.1, Thunderbird anterior a la versión 24.1, y SeaMonkey anterior a 2.22 permite ... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 9.3EPSS: 5%CPEs: 149EXPL: 0CVE-2013-5604 – Mozilla: Access violation with XSLT and uninitialized data (MFSA 2013-95)
https://notcve.org/view.php?id=CVE-2013-5604
29 Oct 2013 — The txXPathNodeUtils::getBaseURI function in the XSLT processor in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly initialize data, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow and application crash) via crafted documents. La función txXPathNodeUtils::getBaseURI en el procesador de XSLT en Mozilla Fir... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5590 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.10) (MFSA 2013-93)
https://notcve.org/view.php?id=CVE-2013-5590
29 Oct 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a 25.0, Firefox ESR 17.x 24.x a... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html •
CVSS: 10.0EPSS: 11%CPEs: 149EXPL: 0CVE-2013-5601 – Mozilla: Miscellaneous use-after-free issues found through ASAN fuzzing (MFSA 2013-100)
https://notcve.org/view.php?id=CVE-2013-5601
29 Oct 2013 — Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code via vectors related to a memory allocation through the garbage collection (GC) API. Vulnerabilidad de uso después de liberación en la función nsEventListenerManager::SetEventHandler de Mozilla Firefox an... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 7%CPEs: 149EXPL: 0CVE-2013-5597 – Mozilla: Use-after-free when updating offline cache (MFSA 2013-98)
https://notcve.org/view.php?id=CVE-2013-5597
29 Oct 2013 — Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a state-change event during an update of the offline cache. Vulnerabilidad de uso después de liberación en la función nsDocLoader::doSt... • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html • CWE-416: Use After Free •