CVSS: 9.8EPSS: 74%CPEs: 19EXPL: 3CVE-2013-0757 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0757
13 Jan 2013 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not prevent modifications to the prototype of an object, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by referencing Object.prototype.__proto__ in a crafted HTML document. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox anterior a v18.0, Firefox... • https://www.exploit-db.com/exploits/41683 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 87%CPEs: 30EXPL: 2CVE-2013-0758 – Mozilla Firefox < 17.0.1 - Flash Privileged Code Injection
https://notcve.org/view.php?id=CVE-2013-0758
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2, Thunderbird ESR v10.x a... • https://www.exploit-db.com/exploits/41683 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 1%CPEs: 30EXPL: 1CVE-2013-0759 – Mozilla: URL spoofing in addressbar during page loads (MFSA 2013-04)
https://notcve.org/view.php?id=CVE-2013-0759
13 Jan 2013 — Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anterior a v17.0.2, Thunderbird anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 3%CPEs: 21EXPL: 0CVE-2013-0760 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0760
13 Jan 2013 — Buffer overflow in the CharDistributionAnalysis::HandleOneChar function in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted document. Desbordamiento de bufer en la función CharDistributionAnalysis::HandleOneChar en Mozilla Firefox anterior a v18.0, Thunderbird anterior a v17.0.2, y SeaMonkey anterior a v2.15 que permite a atacantes remotos ejecutar código arbitrario a través de documentos manipulados. Multiple v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 1%CPEs: 21EXPL: 0CVE-2013-0761 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0761
13 Jan 2013 — Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la implementación mozilla::TrackUnionStream::EndTrack en Mozilla Firefox anterior a v18.0, Firef... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2013-0762 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0762
13 Jan 2013 — Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función imgRequest::OnStopFrame en Mozilla Firefox anterior a v... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 30EXPL: 0CVE-2013-0763 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0763
13 Jan 2013 — Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. Vulnerabilidad de uso después de liberación en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.1, Thunderbird before v17.0.2, Thunderbird ESR... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2013-0764 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0764
13 Jan 2013 — The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary code via crafted data, as demonstrated by e-mail message data. La función nsSOCKSSocketInfo::ConnectToProxy en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.2, Thunderbird anterior a v17.0.2... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 2%CPEs: 30EXPL: 0CVE-2013-0766 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0766
13 Jan 2013 — Use-after-free vulnerability in the ~nsHTMLEditRules implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación de la implementación ~nsHTMLEditRules en Mozilla Firefox anterior a v1... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0767 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2013-02)
https://notcve.org/view.php?id=CVE-2013-0767
13 Jan 2013 — The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función sSVGPathElement::GetPathLengthScale en Mozilla Firefox anterior a v18.0, Firefox ESR v10.x anterior a v10.0.12 y v17.x anteri... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •