CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 1CVE-2012-4196 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4196
29 Oct 2012 — Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. Mozilla Firefox anteriores a v16.0.2, Firefox ESR v10.x anteriores a v10.0.10, Thunderbird anteriores a v16.0.2, Thunderbird ESR v10.x anteriores a v10.0.10, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 0CVE-2012-4195 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4195
29 Oct 2012 — The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. La fu... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 1CVE-2012-4193 – Mozilla: defaultValue security checks not applied (MFSA 2012-89)
https://notcve.org/view.php?id=CVE-2012-4193
12 Oct 2012 — Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. Mozilla Firefox anteriores a v16.0.1, Firefox ESR v10.x anteriores a v10.0.9, Thunderbird an... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 4%CPEs: 170EXPL: 0CVE-2012-4190
https://notcve.org/view.php?id=CVE-2012-4190
12 Oct 2012 — The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. La función FT2FontEntry::CreateFontEntry en FreeType, como la usada por Android en Mozilla Firefox anteriores a v16.0.1 en CyanogenMod 10, permite a atacantes remotos provocar la denegación de servicio (corrupción de mem... • http://www.mozilla.org/security/announce/2012/mfsa2012-88.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 7EXPL: 0CVE-2012-4191
https://notcve.org/view.php?id=CVE-2012-4191
12 Oct 2012 — The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. La función mozilla::net::FailDelayManager::Lookup en la implementación de WebSockets en Mozilla Firefox anteriores a v16.0.1, Thunderbird anteriores a v16.0.1, y SeaMonkey anteiores a... • http://osvdb.org/86125 • CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3994 – Mozilla: top object and location property accessible by plugins (MFSA 2012-82)
https://notcve.org/view.php?id=CVE-2012-3994
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 22EXPL: 0CVE-2012-4187 – Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
https://notcve.org/view.php?id=CVE-2012-4187
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3985
https://notcve.org/view.php?id=CVE-2012-3985
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. Mozilla Firefox v16.0, Thunderbird antes de v16.0, y SeaMonkey antes de v2.13, no aplica correctamente la política de mismo origen de HTML5, lo que permite a atacantes remotos realizar ataques de ejecución de comandos en sitios ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 12EXPL: 0CVE-2012-3989
https://notcve.org/view.php?id=CVE-2012-3989
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. Mozilla Firefox v16.0, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no realiza una conversión de una variable no especificada durant... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 23EXPL: 0CVE-2012-4183 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4183
10 Oct 2012 — Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función DOMSVGTests::GetRequiredFeatures en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, T... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •