Page 119 of 881 results (0.044 seconds)

CVSS: 10.0EPSS: 11%CPEs: 166EXPL: 0

CVE-2012-0469 – Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)

https://notcve.org/view.php?id=CVE-2012-0469

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. Vulnerabilidad de error en la gestión de recursos en la función mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con datos IndexedBD modificados. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-22.html http://www.securityfocus.com/bid/53220 https://bugzilla.mozilla.org/show_bug.cgi?id=738985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16734 https: • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 10.0EPSS: 13%CPEs: 166EXPL: 0

CVE-2012-0470 – Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)

https://notcve.org/view.php?id=CVE-2012-0470

Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." Desbordamiento de búfer basado en memoria dinámica en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a atacantes remotos provocar una denegación de servicio (operación sin gfxImageSurface no válida) o posiblemente ejecutar código de su elección aprovechando el uso de "diferentes sistemas numéricos". • http://secunia.com/advisories/48920 http://secunia.com/advisories/48922 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.debian.org/security/2012/dsa-2457 http://www.debian.org/security/2012/dsa-2458 http://www.debian.org/security/2012/dsa-2464 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 21%CPEs: 165EXPL: 0

CVE-2012-0467 – Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)

https://notcve.org/view.php?id=CVE-2012-0467

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://secunia.com/advisories/48920 http://secunia.com/advisories/48922 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.debian.org/security/2012/dsa-2457 http://www.debian.org/security/2012/dsa-2458 http://www.debian.org/security/2012/dsa-2464 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security •

CVSS: 9.3EPSS: 6%CPEs: 62EXPL: 0

CVE-2012-1131 – freetype: incorrect type cast allowing input sanity check bypass in ft_smooth_render_generic() (#35604)

https://notcve.org/view.php?id=CVE-2012-1131

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font. FreeType antes de v2.4.9, tal como se utiliza en Mozilla Firefox Mobile antes de v10.0.4 y otros productos, en plataformas de 64 bits, permite a atacantes remotos causar una denegación de servicio (operación no válida de escritura y corrupción de memoria) o posiblemente ejecutar código arbitrario a través de vectores relacionados con la celda de una tabla de una fuente. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0467.html http://secunia.com/advisories/48508 http://secunia.com/advisories/48758 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 9.3EPSS: 6%CPEs: 62EXPL: 0

CVE-2012-1132 – freetype: heap buffer over-read in Type1 parser parse_subrs() (#35606)

https://notcve.org/view.php?id=CVE-2012-1132

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font. FreeType antes de v2.4.9, tal como se utiliza en Mozilla Firefox Mobile antes de v10.0.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (operación no válida de escritura y corrupción de memoria) o posiblemente ejecutar código arbitrario a través de datos modificados del diccionario en una fuente Type 1. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0467.html http://secunia.com/advisories/48508 http://secunia.com/advisories/48758 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •