CVSS: 8.8EPSS: 2%CPEs: 28EXPL: 1CVE-2012-5830 – Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)
https://notcve.org/view.php?id=CVE-2012-5830
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document. Vulnerabilidad de uso después de liberación en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17.0, Thunderbird ESR 10.x antes de 10.0.11, y SeaMonkey antes de 2.14 en Mac OS X permite a atacantes remotos ejecutar código arbitrario a través de un documento HTML. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://osvdb.org/87598 http://rhn.redhat.com/errata/RHSA-2012-1482.html http://rhn.redhat.com/errata/RHSA-2012-1483.html http://secunia.com&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 1CVE-2012-4196 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4196
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. Mozilla Firefox anteriores a v16.0.2, Firefox ESR v10.x anteriores a v10.0.10, Thunderbird anteriores a v16.0.2, Thunderbird ESR v10.x anteriores a v10.0.10, y SeaMonkey anteriores a v2.13.2, permiten a atacantes remotos evitar la Same Origin Policy y leer la localización del objeto a través de un ataque "prototype property-injection" que elimina ciertos mecanismos de protección para ese objeto. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html http://rhn.redhat.com/errata/RHSA-2012-1407.html http://rhn.redhat.com/errata/RHSA-2012-1413.html http://secunia.com/advisories/51121 http://secunia.com/advisories/51123 http://secunia.com/advisories/51127 http://secunia.com/advisories/51144 http://secunia.com/advisories/51146 http://secunia.com/advisories/51147 http://secunia.c • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 1CVE-2012-4194 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4194
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Mozilla Firefox anteriores a v16.0.2, Firefox ESR v10.x anteriores a v10.0.10, Thunderbird anteriores a v16.0.2, Thunderbird ESR v10.x anteriores a v10.0.10, y SeaMonkey anteriores a v2.13.2 no previenen el uso del método valueOf method para ocultar la ubicación el objeto (también conocido como window.location), lo que hace que sea más fácil para los atacantes remotos realizar ataques de secuencias de comandos en sitios cruzados(XSS) a través de vectores relacionados con un plugin. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html http://rhn.redhat.com/errata/RHSA-2012-1407.html http://rhn.redhat.com/errata/RHSA-2012-1413.html http://secunia.com/advisories/51121 http://secunia.com/advisories/51123 http://secunia.com/advisories/51127 http://secunia.com/advisories/51144 http://secunia.com/advisories/51146 http://secunia.com/advisories/51147 http://secunia.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 0CVE-2012-4195 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4195
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. La función nsLocation::CheckURL en Mozilla Firefox anteriores a v16.0.2, Firefox ESR 10.x anteriores a v10.0.10, Thunderbird anteriores a v16.0.2, Thunderbird ESR v10.x anteriores a v10.0.10, y SeaMonkey anteriores a v2.13.2 no determina de forma adecuada el documento que llama y principal en su valor de retorno, lo que facilita a atacantes remotos a conducir ataques de ejecución de secuencias de comandos en sitios cruzados (XSS)a través de un sitio Web manipulado y facilita a atacantes remotos a ejecutar código Javascript aprovechando ciertos comportamiento de complementos. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00025.html http://rhn.redhat.com/errata/RHSA-2012-1407.html http://rhn.redhat.com/errata/RHSA-2012-1413.html http://secunia.com/advisories/51121 http://secunia.com/advisories/51123 http://secunia.com/advisories/51127 http://secunia.com/advisories/51144 http://secunia.com/advisories/51146 http://secunia.com/advisories/51147 http://secunia.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0CVE-2012-5080
https://notcve.org/view.php?id=CVE-2012-5080
Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078. Vulnerabilidad no especificada en el componente JavaFX en Oracle Java SE JavaFX 2.2 y versiones anteriores permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2012-5078. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html http://www.securityfocus.com/bid/56068 https://exchange.xforce.ibmcloud.com/vulnerabilities/79439 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16221 •