CVE-2013-6625

CVE-2013-6625 is a use-after-free in DOM ranges (Blink: core/dom/ContainerNode.cpp) used by Google Chrome prior to 31.0.1650.48. Exploitation could cause a denial of service or other impact by removing a child node after a mutation or blur event. Mitigation: apply Chromium updates that address th...

CVE-2013-6625

Removed by vendor...

CVE-2013-5596

The cycle collection CC implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

CVE-2013-5596

The cycle collection CC implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...

FreeBSD : mozilla -- multiple vulnerabilities (7dfed67b-20aa-11e3-b8d8-0025905a4771)

The Mozilla Project reports : MFSA 2013-76 Miscellaneous memory safety hazards rv:24.0 / rv:17.0.9 MFSA 2013-77 Improper state in HTML5 Tree Builder with templates MFSA 2013-78 Integer overflow in ANGLE library MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning MFSA 2013-8...

Moodle 'external.php' 'badge' Parameter XSS

The version of Moodle installed on the remote host fails to properly sanitize user-supplied input to the 'badge' parameter of the 'external.php' script. The application also fails to properly sanitize serialized objects. An attacker can exploit these issues by crafting a URL containing a serializ...

SUSE-SU-2015:0446-1 Security update for Mozilla Firefox

This update to Firefox 17.0.9esr bnc840485 addresses: MFSA 2013-91 User-defined properties on DOM proxies get the wrong 'this' object o CVE-2013-1737 MFSA 2013-90 Memory corruption involving scrolling o use-after-free in mozilla::layout::ScrollbarActivity CVE-2013-1735 o Memory corruption in...

Mozilla Thunderbird 17.x through 23.x Multiple Vulnerabilities

The installed version of Thunderbird is 17.x or later but prior to 24. It is, therefore, potentially affected the following vulnerabilities: - Memory issues exist in the browser engine that could allow for denial of service or arbitrary code execution. CVE-2013-1718, CVE-2013-1719 - The HTML5 Tre...

CVE-2013-1725

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...

Scientific Linux Security Update : firefox on SL5.x, SL6.x i386/srpm/x86_64 (20130917)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730,...

Mozilla Thunderbird < 24.0

Binary data 8011.prm...

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/srpm/x86_64 (20130917)

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2013-1718, CVE-2013-1722, CVE-2013-1725, CVE-2013-1730, CVE-2013-1732, CVE-2013-1735...

Mozilla: Calling scope for new Javascript objects can lead to memory corruption (MFSA 2013-82)

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not ensure that initialization occurs for JavaScript objects with compartments, which allows remote attackers to execute arbitrary code by...

CVE-2013-4810

HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...

Microsoft Windows OLE Remote Code Execution Vulnerability (2876217)

This host is missing an critical security update according to Microsoft Bulletin MS13-070. OpenVAS Vulnerability Test $Id: secpodms13-070.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows OLE Remote Code Execution Vulnerability 2876217 Authors: Veerendra GG Copyright: Copyright c 2013 SecPod...

MS13-070: Vulnerability in OLE Could Allow Remote Code Execution (2876217)

The version of Windows on the remote host is affected by a code execution vulnerability due to a flaw in the handling of OLE objects. An attacker could exploit this issue to execute arbitrary code by enticing a user to open a file containing a specially crafted OLE object. C Tenable Network...

Adobe Reader ToolButton Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...

openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...