mozilla -- multiple vulnerabilities

2013-06-2500:00:00

vuxml.freebsd.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.13 Low

EPSS

Percentile

95.5%

JSON

The Mozilla Project reports:

Miscellaneous memory safety hazards (rv:22.0 / rv:17.0.7)
Title: Memory corruption found using Address Sanitizer
Privileged content access and execution via XBL
Arbitrary code execution within Profiler
Execution of unmapped memory through onreadystatechange
Data in the body of XHR HEAD requests leads to CSRF attacks
SVG filters can lead to information disclosure
PreserveWrapper has inconsistent behavior
Sandbox restrictions not applied to nested frame elements
X-Frame-Options ignored when using server push with multi-part
responses
XrayWrappers can be bypassed to run user defined methods in a
privileged context
getUserMedia permission dialog incorrectly displays location
Homograph domain spoofing in .com, .net and .name
Inaccessible updater can lead to local privilege escalation

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchfirefox< 22.0,1UNKNOWN
FreeBSDanynoarchlinux-firefox< 17.0.7,1UNKNOWN
FreeBSDanynoarchlinux-seamonkey< 2.19UNKNOWN
FreeBSDanynoarchlinux-thunderbird< 17.0.7UNKNOWN
FreeBSDanynoarchseamonkey< 2.19UNKNOWN
FreeBSDanynoarchthunderbird< 17.0.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	firefox	< 22.0,1	UNKNOWN
FreeBSD	any	noarch	linux-firefox	< 17.0.7,1	UNKNOWN
FreeBSD	any	noarch	linux-seamonkey	< 2.19	UNKNOWN
FreeBSD	any	noarch	linux-thunderbird	< 17.0.7	UNKNOWN
FreeBSD	any	noarch	seamonkey	< 2.19	UNKNOWN
FreeBSD	any	noarch	thunderbird	< 17.0.7	UNKNOWN