CVSS: 6.8EPSS: 0%CPEs: 171EXPL: 0CVE-2012-5837
https://notcve.org/view.php?id=CVE-2012-5837
21 Nov 2012 — The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. Web Developer Toolbar en Mozilla Firefox antes de v17.0 ejecuta comandos con privilegios de chrome, que permite a atacantes remotos asistidos por el usuario para realizar ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de una cadena de caracteres manipulada. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 19EXPL: 1CVE-2012-4213
https://notcve.org/view.php?id=CVE-2012-4213
21 Nov 2012 — Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función nsEditor::FindNextLeafNode en Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0, y SeaMonkey antes de 2.14 permite a atacantes remotos ejecutar código arbitrario o causar una denega... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 7%CPEs: 171EXPL: 0CVE-2012-4203
https://notcve.org/view.php?id=CVE-2012-4203
21 Nov 2012 — The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. Página en nueva pestaña en Mozilla Firefox antes de v17.0, utiliza un contexto con privilegios elevados para la ejecución de código javascript de bookmarklets, lo que permite a atacantes remotos asistidos por el usuario ejecutar programas arbitrarios mediante el aprovech... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2012-4209 – Mozilla: Frames can shadow top.location (MFSA 2012-103)
https://notcve.org/view.php?id=CVE-2012-4209
21 Nov 2012 — Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a "top" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin. Mozilla Firefox anterior a v17.0, Firefox ESR v10.x anterior a v10.0.11, Thunderbird anterior a v17.0, Thunderbird ESR v10.x anterior a v10.0.11... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 0CVE-2012-4202 – Mozilla: Buffer overflow while rendering GIF images (MFSA 2012-92)
https://notcve.org/view.php?id=CVE-2012-4202
21 Nov 2012 — Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función image::RasterImage::DrawFrameTo en Mozilla Firefox antes de v17.0, Firefox ESR v10.x antes de v10.0.11, Thunderbird antes de v17.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 26EXPL: 1CVE-2012-4215 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-4215
21 Nov 2012 — Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función sPlaintextEditor::FireClipboardEvent en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, T... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 28EXPL: 0CVE-2012-5842 – Mozilla: Miscellaneous memory safety hazards (rv:10.0.11) (MFSA 2012-91)
https://notcve.org/view.php?id=CVE-2012-5842
21 Nov 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html •
CVSS: 10.0EPSS: 5%CPEs: 17EXPL: 0CVE-2012-4218
https://notcve.org/view.php?id=CVE-2012-4218
21 Nov 2012 — Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función BuildTextRunsScanner::BreakSink::SetBreaks en Mozilla Firefox antes de v17.0, Thunderbird antes de v17.0 y SeaMonkey antes de v2.14 permite a los atacantes remotos ejecutar... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 28EXPL: 1CVE-2012-4216 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-4216
21 Nov 2012 — Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función gfxFont::GetFontEntry en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17.0, Thund... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 19EXPL: 1CVE-2012-5838
https://notcve.org/view.php?id=CVE-2012-5838
21 Nov 2012 — The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. La implementación de copyTextImage2D en el susbistema WebGL en Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0 y SeaMonkey antes de 2.14, permite a atacantes remotos ejecutar código arbitrario o causar una denegaci... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •