CVSS: 9.8EPSS: 2%CPEs: 35EXPL: 0CVE-2012-1950 – Mozilla: Incorrect URL displayed in addressbar through drag and drop (MFSA 2012-43)
https://notcve.org/view.php?id=CVE-2012-1950
18 Jul 2012 — The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. La implementación de arrastrar y soltar en Mozilla Firefox v4.x a v13.0 y Firefox ESR v10.x antes v10.0.6 permite a atacantes remotos falsificar la barra de direcciones mediante la cancelación de la carga de una página. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 9.3EPSS: 30%CPEs: 127EXPL: 0CVE-2012-1952 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1952
18 Jul 2012 — The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. La función nsTableFrame::InsertFrames en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thun... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 115EXPL: 0CVE-2012-1960
https://notcve.org/view.php?id=CVE-2012-1960
18 Jul 2012 — The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. La función qcms_transform_data_rgb_out_lut_sse2 en la aplicación QCMS en Mozilla Firefox v4.x a v13.0, Thunderbird v5.0 a v13.0, y SeaMonkey antes de v2.11 podría permitir a atacantes re... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1961 – Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)
https://notcve.org/view.php?id=CVE-2012-1961
18 Jul 2012 — Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR 10.x antes de v10.0.6,... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2012-1966 – Mozilla: XSS and code execution through data: URLs (MFSA 2012-46)
https://notcve.org/view.php?id=CVE-2012-1966
18 Jul 2012 — Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. Mozilla Firefox v4.x hasta de v13.0 y Firefox ESR v10.x antes de v10.0.6 no tienen los mismos menús de contexto las restricciones para los datos: direcciones URL como para javascript: URL, que permite a atacantes remotos realizar cross-site scripting (XSS) a tra... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1953 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1953
18 Jul 2012 — The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. La función ElementAnimations::EnsureStyleRuleFor en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 9%CPEs: 127EXPL: 0CVE-2012-1958 – Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)
https://notcve.org/view.php?id=CVE-2012-1958
18 Jul 2012 — Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. Una vulnerabilidad de uso después de liberación en la función de nsGlobalWindow::PageHidden en Mozilla Firefox v4.x av13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 50%CPEs: 127EXPL: 0CVE-2012-1951 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1951
18 Jul 2012 — Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. Una vulnerabilidad de uso después de liberación en la función nsSMILTimeValueSpec::IsEventBased en Mozilla Fi... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2012-1965 – Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)
https://notcve.org/view.php?id=CVE-2012-1965
18 Jul 2012 — Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. Mozilla Firefox v4.x a v13.0 y Firefox ESR v10.x antes de v10.0.6 no establecen debidamente el contexto de seguridad de una URL feed: , lo que permite a atacantes remotos evitar mecanismos de proteccion anti XSS (vulnerabilidades de ejecución de comand... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 61%CPEs: 127EXPL: 0CVE-2012-1954 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1954
18 Jul 2012 — Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. Una vulnerabilidad de uso después de liberación en la función nsDocument::adoptNode en Mozilla Firefox v4.x a... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •