CVSS: 9.3EPSS: 2%CPEs: 27EXPL: 0CVE-2013-1684 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-50)
https://notcve.org/view.php?id=CVE-2013-1684
Use-after-free vulnerability in the mozilla::dom::HTMLMediaElement::LookupMediaElementURITable function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted web site. Vulnerabilidad de usar-despues-de-liberar en la función mozilla::dom::HTMLMediaElement::LookupMediaElementURITable en Mozilla Firefox anterior a v22.0, Firefox ESR v17.x anterior a v17.0.7, Thunderbird anterior a v17.0.7, y Thunderbird ESR v17.x anterior a v17.0.7 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante un sitio web especialmente diseñado. • http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00011.html http://rhn.redhat.com/errata/RHSA-2013-0981.html http:&# • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 9%CPEs: 23EXPL: 0CVE-2013-1678 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1678
The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via unspecified vectors. La función _cairo_xlib_surface_add_glyph en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (operación de escritura inválida) mediante vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 23EXPL: 0CVE-2013-1680 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1680
Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función nsFrameList::FirstChild en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 23EXPL: 0CVE-2013-1679 – Mozilla: Memory corruption found using Address Sanitizer (MFSA 2013-48)
https://notcve.org/view.php?id=CVE-2013-1679
Use-after-free vulnerability in the mozilla::plugins::child::_geturlnotify function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad "usar después de liberar" en la función mozilla::plugins::child::_geturlnotify en Mozilla Firefox anterior a v21.0, Firefox ESR v17.x anterior a v17.0.6, Thunderbird anterior a v17.0.6, y Thunderbird ESR v17.x anterior a v17.0.6 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://rhn.redhat.com/errata/RHSA-2013-0820.html http://rhn.redhat.com/errata/RHSA-2013-0821.html http://www.debian.org&#x • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 8%CPEs: 5EXPL: 0CVE-2013-1669
https://notcve.org/view.php?id=CVE-2013-1669
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación en Mozilla Firefox anterior a v21.0 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html http://www.mozilla.org/security/announce/2013/mfsa2013-41.html http://www.securityfocus.com/bid/59870 http://www.ubuntu.com/ •