Vulnerabilities > Fedoraproject

DATE CVE VULNERABILITY TITLE RISK
2013-12-11 CVE-2013-6671 Code Injection vulnerability in multiple products
The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.
network
low complexity
mozilla canonical redhat opensuse suse fedoraproject CWE-94
critical
9.8
2013-12-11 CVE-2013-5618 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection.
network
low complexity
mozilla fedoraproject opensuse suse canonical redhat CWE-416
critical
9.8
2013-12-11 CVE-2013-5616 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to mListeners event listeners.
network
low complexity
mozilla fedoraproject opensuse suse redhat canonical CWE-416
critical
9.8
2013-12-11 CVE-2013-5615 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
network
low complexity
mozilla canonical opensuse suse fedoraproject
critical
9.8
2013-12-11 CVE-2013-5613 Use After Free vulnerability in multiple products
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
network
low complexity
mozilla fedoraproject opensuse suse redhat canonical CWE-416
critical
9.8
2013-12-11 CVE-2013-5609 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla fedoraproject opensuse suse canonical redhat
critical
9.8
2013-02-13 CVE-2012-3363 XXE vulnerability in multiple products
Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack.
network
low complexity
zend fedoraproject debian CWE-611
critical
9.1
2013-01-18 CVE-2012-5656 XXE vulnerability in multiple products
The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.
5.5
2012-10-22 CVE-2012-4406 Deserialization of Untrusted Data vulnerability in multiple products
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.
network
low complexity
openstack fedoraproject redhat CWE-502
critical
9.8
2012-06-17 CVE-2012-0037 XXE vulnerability in multiple products
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
6.5