Page 123 of 881 results (0.052 seconds)

CVSS: 9.3EPSS: 6%CPEs: 62EXPL: 0

CVE-2012-1134 – freetype: limited heap buffer overflow in Type1 parser T1_Get_Private_Dict() (#35608)

https://notcve.org/view.php?id=CVE-2012-1134

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font. FreeType antes de v2.4.9, tal como se utiliza en Mozilla Firefox Mobile antes de v10.0.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (operación no válida de escritura y corrupción de memoria) o posiblemente ejecutar código arbitrario a través de datos modificados del diccionario privado en una fuente Type 1. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0467.html http://secunia.com/advisories/48300 http://secunia.com/advisories/48508 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 6%CPEs: 62EXPL: 0

CVE-2012-1142 – freetype: incorrect computation of number of glyphs in FNT_Face_Init() for FNT/FON files (#35659)

https://notcve.org/view.php?id=CVE-2012-1142

FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font. FreeType antes de v2.4.9, tal como se utiliza en Mozilla Firefox Mobile antes de v10.0.4 y otros productos, permite a atacantes remotos causar una denegación de servicio (operación no válida de escritura y corrupción de memoria) o posiblemente ejecutar código arbitrario a través del perfil modificado del glifo de una fuente. • http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0467.html http://secunia.com/advisories/48300 http://secunia.com/advisories/48508 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •

CVSS: 10.0EPSS: 59%CPEs: 126EXPL: 0

CVE-2012-0443

https://notcve.org/view.php?id=CVE-2012-0443

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta la v9.0, Thunderbird v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=665578 https://bugzilla.mozilla.org/show_bug.cgi?id=684938 https://bugzilla.mozilla.org/show_bug.cgi?id=692817 https://bugzilla.mozilla.org/show_bug.cgi? •

CVSS: 9.3EPSS: 2%CPEs: 15EXPL: 0

CVE-2012-0449 – Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)

https://notcve.org/view.php?id=CVE-2012-0449

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. Mozilla Firefox antes de v3.6.26 y v4.x hasta v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta v9.0, y SeaMonkey antes de v2.7, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de una hoja de estilos XSLT que se encuentra embebida en un documento. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.debian.org/security/2012/dsa-2400 http://www.debian.org/security/2012/dsa-2402 http://www.debian.org/security/2012/dsa-2406 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-08.html h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 92%CPEs: 13EXPL: 2

CVE-2011-3659 – Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-3659

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Una vulnerabilidad de uso después de liberaciónen Mozilla Firefox antes de v3.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores relacionados con notificaciones AttributeChildRemoved incorrectas que afectan el acceso a nodos hijos nsDOMAttribute. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles nsDOMAttribute child removal. • https://www.exploit-db.com/exploits/18870 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-04.html https://bugzilla.mozilla.org/show_bug.cgi?id=708198 https://oval.cisecurity.org/repository/search/definit • CWE-416: Use After Free •