CVSS: 10.0EPSS: 4%CPEs: 26EXPL: 0CVE-2012-3959 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3959
29 Aug 2012 — Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsRangeUpdater::SelAdjDeleteNode en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 6.1EPSS: 0%CPEs: 328EXPL: 0CVE-2012-1956 – Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)
https://notcve.org/view.php?id=CVE-2012-1956
29 Aug 2012 — Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0 y SeaMonkey anterior a v2.12 no impiden el uso del método Object.defineProperty a la sombra de la localización de objetos (window.location a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 3%CPEs: 24EXPL: 0CVE-2012-3960 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3960
29 Aug 2012 — Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función mozSpellChecker::SetCurrentDictionary en Mozilla Firefox anterior a v15.0, Firefox ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 1%CPEs: 179EXPL: 0CVE-2012-3979
https://notcve.org/view.php?id=CVE-2012-3979
29 Aug 2012 — Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. Mozilla Firefox anterior a v15.0 en Android no implementa correctamente los (callers) de la función __android_log_print, lo que permite a atacantes remotos ejecutar código arbitrario a través de una página web diseñada que llama a la función de volcado JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html •
CVSS: 10.0EPSS: 2%CPEs: 24EXPL: 0CVE-2012-3968 – Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62)
https://notcve.org/view.php?id=CVE-2012-3968
29 Aug 2012 — Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. Vulnerabilidad de liberación después de uso en la implementación WebGL en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderb... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 269EXPL: 0CVE-2012-3974
https://notcve.org/view.php?id=CVE-2012-3974
29 Aug 2012 — Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. Vulnerabilidad de búsqueda no segura de ruta en el instalador en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7 en Windows permite... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 263EXPL: 0CVE-2012-3980 – Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72)
https://notcve.org/view.php?id=CVE-2012-3980
29 Aug 2012 — The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. La consola web en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, y Thunderbird ESR v10.x anterior a v10.0.7 permite a atacantes remotos a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1955 – Mozilla: Spoofing issue with location (MFSA 2012-45)
https://notcve.org/view.php?id=CVE-2012-1955
18 Jul 2012 — Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permiten a atacantes remotos falsificar los datos de la barra de direcciones a través... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 6.1EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1957 – Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)
https://notcve.org/view.php?id=CVE-2012-1957
18 Jul 2012 — An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. Una utilidad de parseo no especificado en Mozilla Firefox v4.x a v13.0v, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbir... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1963 – Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)
https://notcve.org/view.php?id=CVE-2012-1963
18 Jul 2012 — The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. La Política de Seguridad de Contenidos (CSP) en Mozilla Firefox v4.x a v13.0, Firefox ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-264: Permissions, Privileges, and Access Controls •