Page 9 of 125 results (0.029 seconds)

CVSS: 6.8EPSS: 1%CPEs: 19EXPL: 1

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event. La función gPluginHandler.handleEvent en el maenjador de plugins en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, no refuerza adecuadamente el "Same Origin Policy", lo que permite a atacantes remotos llevar a cabo ataques de clickjacking a través de un código JavaScript manipulado que se mantiene a la escucha de un evento "mutation". • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://www.mozilla.org/security/announce/2013/mfsa2013-10.html http://www.ubuntu.com/usn/USN-1681-1 http://www.ubuntu.com/usn/USN-1681-2 http://www.ubuntu.com/usn/USN-1681-4 https:&# • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 8%CPEs: 19EXPL: 1

Use-after-free vulnerability in the mozVibrate implementation in the Vibrate library in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via vectors related to the domDoc pointer. Vulnerabilidad después de liberación en la implementación mozVibrate en la librería Vibrate en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con el puntero de domDoc. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the construction of VibrateWindowListener objects. A dangling pointer can be created that will then be sent to the VibrateWindowListener constructor. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://www.mozilla.org/security/announce/2013/mfsa2013-18.html http://www.ubuntu.com/usn/USN-1681-1 http://www.ubuntu.com/usn/USN-1681-2 http://www.ubuntu.com/usn/USN-1681-4 https:&# • CWE-416: Use After Free •

CVSS: 9.3EPSS: 0%CPEs: 21EXPL: 2

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, Thunderbird anterior a 17.0.2, Thunderbird ESR 10.x anterior a 10.0.12 y 17.x anterior a 17.0.2, y SeaMonkey anterior a 2.15, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.palemoon.org/releasenotes-ng.shtml http://www.ubuntu.com/usn/USN-1681-1 http://www.ubuntu.com/usn/USN-1681-2 http: •

CVSS: 9.3EPSS: 2%CPEs: 19EXPL: 0

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a crafted HTML document referencing JavaScript objects. La clase AutoWrapperChanger en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v17.x anterior a v17.0.2, y SeaMonkey anterior a v2.15 no interactúa correctamente con el recolector de basura, lo cual permite a atacantes remotos ejecutar código a su elección a través de documentos HTML manipulados haciendo referencia a objetos JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://www.mozilla.org/security/announce/2013/mfsa2013-08.html http://www.ubuntu.com/usn/USN-1681-1 http://www.ubuntu.com/usn/USN-1681-2 http://www.ubuntu.com/usn/USN-1681-4 https:&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 2%CPEs: 21EXPL: 0

Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. Desbordamiento de búfer basado en la función gfxTextRun::ShrinkToLigatureBoundaries en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.1, Thunderbird anterior a v17.0.2, Thunderbird ESR v17.x anterior a v17.0.1, y SeaMonkey anterior a v2.15 permite a atacantes remotos ejecutar código de su elección o manipular documentos. • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.ubuntu.com/usn/USN-1681-1 http://www.ubuntu.com/usn/USN-1681-2 http://www.ubuntu.com/usn/USN-1681-4 https:&# • CWE-787: Out-of-bounds Write •