CVSS: 6.8EPSS: 1%CPEs: 27EXPL: 0CVE-2012-4195 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4195
26 Oct 2012 — The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. La fu... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 8%CPEs: 170EXPL: 0CVE-2012-4190 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2012-4190
12 Oct 2012 — The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. La función FT2FontEntry::CreateFontEntry en FreeType, como la usada por Android en Mozilla Firefox anteriores a v16.0.1 en CyanogenMod 10, permite a atacantes remotos provocar la denegación de servicio (corrupción de mem... • http://www.mozilla.org/security/announce/2012/mfsa2012-88.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 1CVE-2012-4193 – Mozilla: defaultValue security checks not applied (MFSA 2012-89)
https://notcve.org/view.php?id=CVE-2012-4193
12 Oct 2012 — Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. Mozilla Firefox anteriores a v16.0.1, Firefox ESR v10.x anteriores a v10.0.9, Thunderbird an... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-346: Origin Validation Error •
CVSS: 9.3EPSS: 1%CPEs: 7EXPL: 0CVE-2012-4191 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2012-4191
12 Oct 2012 — The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. La función mozilla::net::FailDelayManager::Lookup en la implementación de WebSockets en Mozilla Firefox anteriores a v16.0.1, Thunderbird anteriores a v16.0.1, y SeaMonkey anteiores a... • http://osvdb.org/86125 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5354 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2012-5354
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984. Mozilla Firefox anteriores a v16.0, Thunderbird anteriores a v16.0 y SeaMonkey anteriores a v2.13 no manejan apropiadamente la navegac... • http://osvdb.org/86171 •
CVSS: 8.1EPSS: 0%CPEs: 167EXPL: 0CVE-2012-3987
https://notcve.org/view.php?id=CVE-2012-3987
10 Oct 2012 — Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Mozilla Firefox antes de v16.0 en Android asigna privilegios chrome a páginas Reader Mode, lo que permite a atacantes remotos asistidos por el usuario eludir restricciones de acceso destinados a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3985 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2012-3985
09 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. Mozilla Firefox v16.0, Thunderbird antes de v16.0, y SeaMonkey antes de v2.13, no aplica correctamente la política de mismo origen de HTML5, lo que permite a atacantes remotos realizar ataques de ejecución de comandos en sitios ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 4%CPEs: 23EXPL: 0CVE-2012-4182 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4182
09 Oct 2012 — Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::WillInsert en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 6.8EPSS: 2%CPEs: 12EXPL: 0CVE-2012-3984 – Gentoo Linux Security Advisory 201301-01
https://notcve.org/view.php?id=CVE-2012-3984
09 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. Mozilla Firefox v16.0, Thunderbird antes de v16.0, y SeaMonkey antes de v2.13, no controla correctamente la navegación más allá de una página web que tiene activo un elemento de menú SELECT, lo que permite a atacantes remotos ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html •
CVSS: 9.8EPSS: 1%CPEs: 23EXPL: 0CVE-2012-3982 – Mozilla: Miscellaneous memory safety hazards (rv:10.0.8) (MFSA 2012-74)
https://notcve.org/view.php?id=CVE-2012-3982
09 Oct 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html •