CVSS: 10.0EPSS: 4%CPEs: 26EXPL: 0CVE-2012-1973 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1973
29 Aug 2012 — Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsObjectLoadingContent::LoadObject en Mozilla Firefox anterior a v15.0, Firefox ESR v1... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 26EXPL: 0CVE-2012-1972 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1972
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditor::CollapseAdjacentTextNodes en Mozilla Firefox anterior a v15.0, Fire... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 328EXPL: 0CVE-2012-1956 – Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)
https://notcve.org/view.php?id=CVE-2012-1956
29 Aug 2012 — Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0 y SeaMonkey anterior a v2.12 no impiden el uso del método Object.defineProperty a la sombra de la localización de objetos (window.location a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 3%CPEs: 26EXPL: 0CVE-2012-3959 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3959
29 Aug 2012 — Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsRangeUpdater::SelAdjDeleteNode en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 24EXPL: 0CVE-2012-3963 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3963
29 Aug 2012 — Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función js::gc::MapAllocToTraceKind en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ES... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 342EXPL: 0CVE-2012-3958 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3958
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditRules::DeleteNonTableElements en Mozilla Firefox anterior a v15.0, Fire... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 147EXPL: 0CVE-2012-3965 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2012-3965
29 Aug 2012 — Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window. Mozilla Firefox anterior a v15.0 no restringe adecuadamente en una página about:newtab, lo que permite a atacantes remotos ejecutar códigos JavaScript con privilegios chrome a través de un sitio web manipulado que evita la creación de una nueva pes... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 328EXPL: 0CVE-2012-1971 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2012-1971
29 Aug 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox anterior a v15.0,y SeaMonkey anterior a v2.12 perm... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html •
CVSS: 9.8EPSS: 3%CPEs: 342EXPL: 0CVE-2012-3969 – Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)
https://notcve.org/view.php?id=CVE-2012-3969
29 Aug 2012 — Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. Desbordamiento de entero en la función nsSVGFEMorphologyElement::Filter en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-189: Numeric Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 328EXPL: 0CVE-2012-3971 – Ubuntu Security Notice USN-1551-2
https://notcve.org/view.php?id=CVE-2012-3971
29 Aug 2012 — Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Summer Institute of Linguistics (SIL) Graphite v2, cuando es usado en Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0, y SeaMonkey anterior a v2.12, permite a atacantes rem... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •