CVSS: 9.3EPSS: 3%CPEs: 16EXPL: 0CVE-2012-4181 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4181
10 Oct 2012 — Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsSMILAnimationController::DoSample en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2012-3982 – Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74)
https://notcve.org/view.php?id=CVE-2012-3982
10 Oct 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html •
CVSS: 9.8EPSS: 6%CPEs: 22EXPL: 0CVE-2012-3988 – Mozilla: DOS and crash with full screen and history navigation (MFSA 2012-79)
https://notcve.org/view.php?id=CVE-2012-3988
10 Oct 2012 — Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. Vulnerabilidad de uso después de liberación en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 2%CPEs: 23EXPL: 0CVE-2012-4182 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4182
10 Oct 2012 — Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::WillInsert en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 10.0EPSS: 5%CPEs: 12EXPL: 0CVE-2012-3983
https://notcve.org/view.php?id=CVE-2012-3983
10 Oct 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v16.0, Thunderbird antes 16.0 y SeaMonkey antes de v2.13, permitir a atacantes remotos provocar una denegación de servicio... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 23EXPL: 0CVE-2012-3990 – Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87)
https://notcve.org/view.php?id=CVE-2012-3990
10 Oct 2012 — Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Vulnerabilidad de uso después de liberación en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 24EXPL: 0CVE-2012-3963 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3963
29 Aug 2012 — Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función js::gc::MapAllocToTraceKind en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ES... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 17%CPEs: 342EXPL: 0CVE-2012-3969 – Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)
https://notcve.org/view.php?id=CVE-2012-3969
29 Aug 2012 — Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. Desbordamiento de entero en la función nsSVGFEMorphologyElement::Filter en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-189: Numeric Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 342EXPL: 0CVE-2012-3978 – Mozilla: Location object security checks bypassed by chrome code (MFSA 2012-70)
https://notcve.org/view.php?id=CVE-2012-3978
29 Aug 2012 — The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. La función nsLocation::CheckURL en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 328EXPL: 0CVE-2012-3975
https://notcve.org/view.php?id=CVE-2012-3975
29 Aug 2012 — The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. El componente DOMParser en Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0, y SeaMonkey anterior a v2.12 carga subrecursos durante el análisis de los datos de texto / html dentro de una extensión, qu... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •