|
VCID-5kk1-af3t-5qdd
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1690
|
|
VCID-5swu-e3xk-7bfx
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1692
|
|
VCID-946h-9dya-zyg7
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1682
|
|
VCID-fw25-a686-eqhx
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1697
|
|
VCID-j5wk-5thk-ckfr
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1687
|
|
VCID-pden-es6n-nfey
|
Security researcher 3ric Johanson reported in discussions
with Richard Newman and Holt Sorenson that
Verisign's prevention measures for homograph attacks using Internationalized
Domain Names (IDN) were insufficiently rigorous, and this led to a limited
possibility for domain spoofing in Firefox.IDN allows non-English speakers to use domains in their local language. Many
supported characters are similar or identical to others in English, allowing for
the potential spoofing of domain names and for phishing attacks when not
blocked. In consultation with Verisign, Mozilla had added .com, .net, and .name
top-level domains to its IDN whitelist, allowing for IDN use in those top-level
domains without restrictions. However, it became clear that a number of
historical dangerous registrations continued to be valid.This issue has been fixed by removing the .com, .net, and .name top-level
domains from the IDN whitelist, and supplementing the whitelist implementation
with technical restrictions against script-mixing in domain labels. These
restrictions apply to all non-whitelisted top-level domains. More information on
the exact algorithm used can be found here.
|
CVE-2013-1699
|
|
VCID-tqp2-yvuv-5ygs
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1684
|
|
VCID-yabd-5zcy-zbem
|
Mozilla community member Bob Owen reported that
<iframe sandbox> restrictions are not applied to a
frame element contained within a sandboxed iframe. As a result,
content hosted within a sandboxed iframe could use a frame element
to bypass the restrictions that should be applied.
|
CVE-2013-1695
|
|
VCID-yrvg-tnxb-akgc
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1693
|
|
VCID-z455-pxya-jyej
|
Bugzilla developer Frédéric Buclin reported
that the X-Frame-Options header is ignored when server push is used
in multi-part responses. This can lead to potential clickjacking on sites that
use X-Frame-Options as a protection.
|
CVE-2013-1696
|
|
VCID-zscp-wft5-f3ae
|
Multiple vulnerabilities have been found in Mozilla Firefox,
Thunderbird, and SeaMonkey, some of which may allow a remote user to
execute arbitrary code.
|
CVE-2013-1694
|