CVSS: 6.1EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1957 – Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)
https://notcve.org/view.php?id=CVE-2012-1957
18 Jul 2012 — An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. Una utilidad de parseo no especificado en Mozilla Firefox v4.x a v13.0v, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbir... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1963 – Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)
https://notcve.org/view.php?id=CVE-2012-1963
18 Jul 2012 — The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. La Política de Seguridad de Contenidos (CSP) en Mozilla Firefox v4.x a v13.0, Firefox ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 35EXPL: 0CVE-2012-1950 – Mozilla: Incorrect URL displayed in addressbar through drag and drop (MFSA 2012-43)
https://notcve.org/view.php?id=CVE-2012-1950
18 Jul 2012 — The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. La implementación de arrastrar y soltar en Mozilla Firefox v4.x a v13.0 y Firefox ESR v10.x antes v10.0.6 permite a atacantes remotos falsificar la barra de direcciones mediante la cancelación de la carga de una página. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 9.3EPSS: 30%CPEs: 127EXPL: 0CVE-2012-1952 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1952
18 Jul 2012 — The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. La función nsTableFrame::InsertFrames en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thun... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 115EXPL: 0CVE-2012-1960
https://notcve.org/view.php?id=CVE-2012-1960
18 Jul 2012 — The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. La función qcms_transform_data_rgb_out_lut_sse2 en la aplicación QCMS en Mozilla Firefox v4.x a v13.0, Thunderbird v5.0 a v13.0, y SeaMonkey antes de v2.11 podría permitir a atacantes re... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1961 – Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)
https://notcve.org/view.php?id=CVE-2012-1961
18 Jul 2012 — Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR 10.x antes de v10.0.6,... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2012-1966 – Mozilla: XSS and code execution through data: URLs (MFSA 2012-46)
https://notcve.org/view.php?id=CVE-2012-1966
18 Jul 2012 — Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. Mozilla Firefox v4.x hasta de v13.0 y Firefox ESR v10.x antes de v10.0.6 no tienen los mismos menús de contexto las restricciones para los datos: direcciones URL como para javascript: URL, que permite a atacantes remotos realizar cross-site scripting (XSS) a tra... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1953 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1953
18 Jul 2012 — The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. La función ElementAnimations::EnsureStyleRuleFor en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 9%CPEs: 127EXPL: 0CVE-2012-1958 – Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)
https://notcve.org/view.php?id=CVE-2012-1958
18 Jul 2012 — Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. Una vulnerabilidad de uso después de liberación en la función de nsGlobalWindow::PageHidden en Mozilla Firefox v4.x av13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 50%CPEs: 127EXPL: 0CVE-2012-1951 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1951
18 Jul 2012 — Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. Una vulnerabilidad de uso después de liberación en la función nsSMILTimeValueSpec::IsEventBased en Mozilla Fi... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •