CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3976 – Mozilla: Incorrect site SSL certificate data display (MFSA 2012-69)
https://notcve.org/view.php?id=CVE-2012-3976
29 Aug 2012 — Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. Mozilla Firefox anterior a v15.0, Firefox ESR 10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 no maneja adecuadamente los eventos onLocationChange durante la navegación entre los diferentes sitios https, lo ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 147EXPL: 0CVE-2012-3965
https://notcve.org/view.php?id=CVE-2012-3965
29 Aug 2012 — Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. Mozilla Firefox anterior a v15.0 no restringe adecuadamente en una página about:newtab, lo que permite a atacantes remotos ejecutar códigos JavaScript con privilegios chrome a través de un sitio web manipulado que evita la creación de una nueva pes... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 26%CPEs: 342EXPL: 0CVE-2012-3958 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3958
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditRules::DeleteNonTableElements en Mozilla Firefox anterior a v15.0, Fire... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 26EXPL: 0CVE-2012-1973 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1973
29 Aug 2012 — Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsObjectLoadingContent::LoadObject en Mozilla Firefox anterior a v15.0, Firefox ESR v1... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 14%CPEs: 342EXPL: 0CVE-2012-3966 – Mozilla: Memory corruption with bitmap format images with negative height (MFSA 2012-61)
https://notcve.org/view.php?id=CVE-2012-3966
29 Aug 2012 — Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a .ICO file, related to (1) improper handling of the transparency bitmask by the nsICODecoder component and (2) improper processing of the alpha channel by the nsBMPDecoder component. Mozilla Firefox anterior a v15.0... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 328EXPL: 0CVE-2012-1971
https://notcve.org/view.php?id=CVE-2012-1971
29 Aug 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox anterior a v15.0,y SeaMonkey anterior a v2.12 perm... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html •
CVSS: 10.0EPSS: 4%CPEs: 26EXPL: 0CVE-2012-1972 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1972
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditor::CollapseAdjacentTextNodes en Mozilla Firefox anterior a v15.0, Fire... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 4%CPEs: 24EXPL: 0CVE-2012-1976 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1976
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLSelectElement::SubmitNamesValues en Mozilla Firefox anterior a v15.0, Firefo... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 10%CPEs: 342EXPL: 0CVE-2012-3962 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3962
29 Aug 2012 — Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document. Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 no itera adecuadamente hasta el caracter en una e... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 24EXPL: 1CVE-2012-3961 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3961
29 Aug 2012 — Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la implementación RangeData en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •