CVSS: 9.3EPSS: 0%CPEs: 379EXPL: 2CVE-2012-3993 – Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution
https://notcve.org/view.php?id=CVE-2012-3993
10 Oct 2012 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox v16.0, Firefox ESR v10... • https://packetstorm.news/files/id/124564 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 40%CPEs: 23EXPL: 0CVE-2012-4186 – Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
https://notcve.org/view.php?id=CVE-2012-4186
10 Oct 2012 — Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en la función nsWaveReader::DecodeAudioData en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey ant... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 23EXPL: 0CVE-2012-3986 – Mozilla: Some DOMWindowUtils methods bypass security checks (MFSA 2012-77)
https://notcve.org/view.php?id=CVE-2012-3986
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no restringe correctamente las... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3992 – Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84)
https://notcve.org/view.php?id=CVE-2012-3992
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3984
https://notcve.org/view.php?id=CVE-2012-3984
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. Mozilla Firefox v16.0, Thunderbird antes de v16.0, y SeaMonkey antes de v2.13, no controla correctamente la navegación más allá de una página web que tiene activo un elemento de menú SELECT, lo que permite a atacantes remotos ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html •
CVSS: 9.3EPSS: 2%CPEs: 22EXPL: 0CVE-2012-3995 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-3995
10 Oct 2012 — The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función IsCSSWordSpacingSpace en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, permite a ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 6%CPEs: 22EXPL: 0CVE-2012-4185 – Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
https://notcve.org/view.php?id=CVE-2012-4185
10 Oct 2012 — Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Desbordamiento de búfer en la función nsCharTraits::length en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2012-5354
https://notcve.org/view.php?id=CVE-2012-5354
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984. Mozilla Firefox anteriores a v16.0, Thunderbird anteriores a v16.0 y SeaMonkey anteriores a v2.13 no manejan apropiadamente la navegac... • http://osvdb.org/86171 •
CVSS: 8.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-3987
https://notcve.org/view.php?id=CVE-2012-3987
10 Oct 2012 — Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Mozilla Firefox antes de v16.0 en Android asigna privilegios chrome a páginas Reader Mode, lo que permite a atacantes remotos asistidos por el usuario eludir restricciones de acceso destinados a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 2%CPEs: 23EXPL: 0CVE-2012-4179 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4179
10 Oct 2012 — Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la funciónn sHTMLCSSUtils::CreateCSSPropertyTxn en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v1... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •