CVSS: 10.0EPSS: 2%CPEs: 342EXPL: 0CVE-2012-3970 – Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)
https://notcve.org/view.php?id=CVE-2012-3970
29 Aug 2012 — Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. Vulnerabilidad de liberación después de uso en la función nsTArray_base::Length en Mozilla Fi... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 26EXPL: 0CVE-2012-3972 – Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
https://notcve.org/view.php?id=CVE-2012-3972
29 Aug 2012 — The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. La funcionalidad format-number en la implementación XSLT en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.3EPSS: 0%CPEs: 269EXPL: 0CVE-2012-3974
https://notcve.org/view.php?id=CVE-2012-3974
29 Aug 2012 — Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. Vulnerabilidad de búsqueda no segura de ruta en el instalador en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7 en Windows permite... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 342EXPL: 0CVE-2012-3978 – Mozilla: Location object security checks bypassed by chrome code (MFSA 2012-70)
https://notcve.org/view.php?id=CVE-2012-3978
29 Aug 2012 — The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. La función nsLocation::CheckURL en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 1%CPEs: 263EXPL: 0CVE-2012-3980 – Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72)
https://notcve.org/view.php?id=CVE-2012-3980
29 Aug 2012 — The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. La consola web en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, y Thunderbird ESR v10.x anterior a v10.0.7 permite a atacantes remotos a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 3%CPEs: 127EXPL: 0CVE-2012-1948 – Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)
https://notcve.org/view.php?id=CVE-2012-1948
18 Jul 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thu... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 10.0EPSS: 3%CPEs: 127EXPL: 0CVE-2012-1951 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1951
18 Jul 2012 — Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. Una vulnerabilidad de uso después de liberación en la función nsSMILTimeValueSpec::IsEventBased en Mozilla Fi... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 127EXPL: 0CVE-2012-1952 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1952
18 Jul 2012 — The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. La función nsTableFrame::InsertFrames en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thun... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 127EXPL: 0CVE-2012-1953 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1953
18 Jul 2012 — The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. La función ElementAnimations::EnsureStyleRuleFor en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 127EXPL: 0CVE-2012-1954 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1954
18 Jul 2012 — Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. Una vulnerabilidad de uso después de liberación en la función nsDocument::adoptNode en Mozilla Firefox v4.x a... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •