Versions of Mozilla Firefox earlier than version 23.0 are prone to the following vulnerabilities:
Multiple memory-corruption vulnerabilities exist in the browser engine that could lead to arbitrary code execution. (CVE-2013-1701, CVE-2013-1702)
Multiple stack-based buffer overflow vulnerabilities occur in both the Maintenance Service and the Mozilla Updater when unexpectedly long paths were encountered. (CVE-2013-1706, CVE-2013-1707)
A cross-site scripting vulnerability affects the application. An attacker can exploit this issue through an interaction of frames and browser history. (CVE-2013-1709)
A remote code execution and cross-site scripting vulnerability occurs when generating a Certificate Request Message Format (CRMF) request. (CVE-2013-1710)
A privilege-escalation vulnerability occurs due to an error when using Mozilla Updater. An attacker can exploit this issue to load a specific malicious DLL file from the local system using the Mozilla Updater, and can able to execute the DLL in a privileged context through the Mozilla Maintenance Service’s privileges. (CVE-2013-1712)
A same-origin security-bypass vulnerability exists because wrong principal is used for validating URI for some Javascript components. (CVE-2013-1713)
A same-origin security-bypass vulnerability occurs due to an error with web workers and XMLHttpRequest. (CVE-2013-1714)
An information-disclosure vulnerability occurs due to an unspecified error with Java applets. This issue leads to disclose contents of local file system when loaded using the a ‘file:/// URI’. (CVE-2013-1717)
Binary data 801464.prm
.mozilla.org/security/announce/2013/mfsa2013-63.html
.mozilla.org/security/announce/2013/mfsa2013-66.html
.mozilla.org/security/announce/2013/mfsa2013-68.html
.mozilla.org/security/announce/2013/mfsa2013-69.html
.mozilla.org/security/announce/2013/mfsa2013-71.html
.mozilla.org/security/announce/2013/mfsa2013-72.html
.mozilla.org/security/announce/2013/mfsa2013-73.html
.mozilla.org/security/announce/2013/mfsa2013-75.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1702
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1706
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1707
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1709
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1712
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1713
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1714
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1717