CVSS: 10.0EPSS: 1%CPEs: 153EXPL: 0CVE-2013-0795 – Mozilla: Bypass of SOW protections allows cloning of protected nodes (MFSA 2013-36)
https://notcve.org/view.php?id=CVE-2013-0795
03 Apr 2013 — The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. El System Only Wrapper (SOW) implementado en la aplicación Mozilla Firefox antes de... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 0%CPEs: 153EXPL: 0CVE-2013-0797 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0797
03 Apr 2013 — Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified directory. Vulnerabilidad de path de búsqueda no confiable en Mozilla Updater en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes de v17.0.5, Thunderbird anterior v17.0.5, Thunderbird ESR v17.x anterior v17.0.... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00013.html •
CVSS: 10.0EPSS: 20%CPEs: 153EXPL: 0CVE-2013-0788 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.5) (MFSA 2013-30)
https://notcve.org/view.php?id=CVE-2013-0788
03 Apr 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación de Mozilla Firefox anterior a 20.0, Firefox ESR 17.x anterior a 17.0.5, Thunderbi... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html •
CVSS: 7.5EPSS: 4%CPEs: 19EXPL: 0CVE-2013-0791 – Mozilla: Out-of-bounds array read in CERT_DecodeCertPackage (MFSA 2013-40)
https://notcve.org/view.php?id=CVE-2013-0791
03 Apr 2013 — The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. La función CERT_DecodeCertPackage en Mozilla Network Security Services (NSS), tal como se utiliza en Mozilla Firefox antes de v20.0... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 3CVE-2013-0796 – Mozilla: WebGL crash with Mesa graphics driver on Linux (MFSA 2013-35)
https://notcve.org/view.php?id=CVE-2013-0796
03 Apr 2013 — The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 on Linux does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (free of unallocated memory) via unspecified vectors. El subsistema de WebGL en Mozilla Firefox antes de v20.0, Firefox ESR v17.x antes de v17.0.5, Thunderbird antes de v17.0.5, Thunderbird ESR v17.x... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2013-0800 – Mozilla: Out-of-bounds write in Cairo library (MFSA 2013-31)
https://notcve.org/view.php?id=CVE-2013-0800
03 Apr 2013 — Integer signedness error in the pixman_fill_sse2 function in pixman-sse2.c in Pixman, as distributed with Cairo and used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to execute arbitrary code via crafted values that trigger attempted use of a (1) negative box boundary or (2) negative box size, leading to an out-of-bounds write operation. Error de signo de enter... • http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00009.html • CWE-787: Out-of-bounds Write •
CVSS: 5.9EPSS: 0%CPEs: 34EXPL: 0CVE-2013-2566 – Gentoo Linux Security Advisory 201406-19
https://notcve.org/view.php?id=CVE-2013-2566
14 Mar 2013 — The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. El algoritmo RC4, tal como se usa en el protocolo TLS y protocolo SSL, tiene muchos "single-byte biases", lo que hace que sea más fácil para atacantes remotos realizar ataques de recuperación de texto claro a través de análisis estadístico... • http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 11%CPEs: 20EXPL: 0CVE-2013-0787 – Mozilla Firefox nsHTMLEditRules Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-0787
11 Mar 2013 — Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call. Vulnerabilidad en la gestión de recursos en la función nsEditor::IsPreformatted en editor/libeditor/base/nsEditor.cpp en Mozilla Firefox anterior a v19.0.... • http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 22EXPL: 0CVE-2013-0783 – Mozilla: Miscellaneous memory safety hazards (rv:17.0.3) (MFSA 2013-21)
https://notcve.org/view.php?id=CVE-2013-0783
19 Feb 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a v19.0, Firefox ESR v17.x anterior a v17.0.3, Thund... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html •
CVSS: 9.8EPSS: 1%CPEs: 12EXPL: 0CVE-2013-0781 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0781
19 Feb 2013 — Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsPrintEngine::CommonPrint en Mozilla Firefox anterior a v19.0, Thunderbird anterior a v17.0.3, y SeaMonkey anterior a v2.16 permite a atacantes remotos ejecutar código... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00017.html • CWE-416: Use After Free •