Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1726 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 6.2 MEDIUM | N/A |
| Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. | |||||
| CVE-2013-1717 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 5.4 MEDIUM | N/A |
| Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary files by leveraging a download to a fixed pathname or other predictable pathname. | |||||
| CVE-2013-1714 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 does not properly restrict XMLHttpRequest calls, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2013-1713 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 use an incorrect URI within unspecified comparisons during enforcement of the Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks or install arbitrary add-ons via a crafted web site. | |||||
| CVE-2013-1700 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 7.2 HIGH | N/A |
| The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location. | |||||
| CVE-2013-1698 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | N/A |
| The getUserMedia permission implementation in Mozilla Firefox before 22.0 references the URL of a top-level document instead of the URL of a specific page, which makes it easier for remote attackers to trick users into permitting camera or microphone access via a crafted web site that uses IFRAME elements. | |||||
| CVE-2013-1697 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2024-11-21 | 9.3 HIGH | N/A |
| The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 does not properly restrict use of DefaultValue for method calls, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers use of a user-defined (1) toString or (2) valueOf method. | |||||
| CVE-2013-1696 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.0 MEDIUM | N/A |
| Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. | |||||
| CVE-2013-1695 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element. | |||||
| CVE-2013-1693 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2024-11-21 | 4.3 MEDIUM | N/A |
| The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. | |||||
| CVE-2013-1692 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2024-11-21 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not prevent the inclusion of body data in an XMLHttpRequest HEAD request, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web site. | |||||
| CVE-2013-1687 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2024-11-21 | 9.3 HIGH | N/A |
| The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. | |||||
| CVE-2013-1673 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 6.9 MEDIUM | N/A |
| The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path." | |||||
| CVE-2013-1672 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Thunderbird and 1 more | 2024-11-21 | 6.9 MEDIUM | N/A |
| The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions. | |||||
| CVE-2013-1670 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2024-11-21 | 4.3 MEDIUM | N/A |
| The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. | |||||
| CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2024-11-21 | 6.9 MEDIUM | N/A |
| vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | |||||
| CVE-2013-1652 | 3 Canonical, Puppet, Puppetlabs | 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more | 2024-11-21 | 4.9 MEDIUM | N/A |
| Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. | |||||
| CVE-2013-1650 | 1 Open-xchange | 1 Open-xchange Server | 2024-11-21 | 2.1 LOW | N/A |
| Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations. | |||||
| CVE-2013-1635 | 1 Php | 1 Php | 2024-11-21 | 7.5 HIGH | N/A |
| ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. | |||||
| CVE-2013-1385 | 1 Adobe | 1 Shockwave Player | 2024-11-21 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. | |||||