CVSS: 7.5EPSS: 3%CPEs: 17EXPL: 0CVE-2012-5836
https://notcve.org/view.php?id=CVE-2012-5836
21 Nov 2012 — Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0 y SeaMonkey antes de 2.14 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de vectores relacionad... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 4%CPEs: 28EXPL: 1CVE-2012-4216 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-4216
21 Nov 2012 — Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función gfxFont::GetFontEntry en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17.0, Thund... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 10.0EPSS: 5%CPEs: 17EXPL: 0CVE-2012-4218
https://notcve.org/view.php?id=CVE-2012-4218
21 Nov 2012 — Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función BuildTextRunsScanner::BreakSink::SetBreaks en Mozilla Firefox antes de v17.0, Thunderbird antes de v17.0 y SeaMonkey antes de v2.14 permite a los atacantes remotos ejecutar... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 0CVE-2012-4202 – Mozilla: Buffer overflow while rendering GIF images (MFSA 2012-92)
https://notcve.org/view.php?id=CVE-2012-4202
21 Nov 2012 — Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función image::RasterImage::DrawFrameTo en Mozilla Firefox antes de v17.0, Firefox ESR v10.x antes de v10.0.11, Thunderbird antes de v17.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-787: Out-of-bounds Write •
CVSS: 7.3EPSS: 0%CPEs: 184EXPL: 0CVE-2012-4206
https://notcve.org/view.php?id=CVE-2012-4206
21 Nov 2012 — Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. Vulnerabilidad de no confianza de ruta de búsqueda en el instalador de Mozilla Firefox anterior a v17.0 y Firefox ESR v10.x anterior a v10.0.11 en Windows permite a usuarios locales obtener privilegios a través de un troyano DLL en el directorio predeterminado de descargas. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html •
CVSS: 9.8EPSS: 7%CPEs: 26EXPL: 0CVE-2012-5839 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-5839
21 Nov 2012 — Heap-based buffer overflow in the gfxShapedWord::CompressedGlyph::IsClusterStart function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en la función gfxShapedWord::CompressedGlyph::IsClusterStart en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird a... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 7%CPEs: 171EXPL: 0CVE-2012-4203
https://notcve.org/view.php?id=CVE-2012-4203
21 Nov 2012 — The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. Página en nueva pestaña en Mozilla Firefox antes de v17.0, utiliza un contexto con privilegios elevados para la ejecución de código javascript de bookmarklets, lo que permite a atacantes remotos asistidos por el usuario ejecutar programas arbitrarios mediante el aprovech... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 26EXPL: 1CVE-2012-4214 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-4214
21 Nov 2012 — Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-5840. Uso después de liberación en la función sTextEditorState::PrepareEditor en Mozilla Firefox antes de 17.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 26EXPL: 1CVE-2012-4215 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-4215
21 Nov 2012 — Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función sPlaintextEditor::FireClipboardEvent en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, T... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •
CVSS: 9.8EPSS: 7%CPEs: 28EXPL: 1CVE-2012-5829 – Mozilla: Use-after-free and buffer overflow issues found using Address Sanitizer (MFSA 2012-105)
https://notcve.org/view.php?id=CVE-2012-5829
21 Nov 2012 — Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en la función nsWindow::OnExposeEvent en Mozilla Firefox antes de v17.0, Firefox ESR v10.x antes de v10.0.11, Thunderbird antes de v17.0, Thunderbird ESR v10.x antes ... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •