CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2012-1965 – Mozilla: feed: URLs with an innerURI inherit security context of page (MFSA 2012-55)
https://notcve.org/view.php?id=CVE-2012-1965
18 Jul 2012 — Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. Mozilla Firefox v4.x a v13.0 y Firefox ESR v10.x antes de v10.0.6 no establecen debidamente el contexto de seguridad de una URL feed: , lo que permite a atacantes remotos evitar mecanismos de proteccion anti XSS (vulnerabilidades de ejecución de comand... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 61%CPEs: 127EXPL: 0CVE-2012-1954 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1954
18 Jul 2012 — Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. Una vulnerabilidad de uso después de liberación en la función nsDocument::adoptNode en Mozilla Firefox v4.x a... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1967 – Mozilla: Code execution through javascript: URLs (MFSA 2012-56)
https://notcve.org/view.php?id=CVE-2012-1967
18 Jul 2012 — Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6 y SeaMonkey antes de v2.11 no implementan adecuada... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 10.0EPSS: 50%CPEs: 127EXPL: 0CVE-2012-1962 – Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)
https://notcve.org/view.php?id=CVE-2012-1962
18 Jul 2012 — Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. Una vulnerabilidad de uso después de liberación en la función JSDependentString::undepend en Mozilla Firefox v4.... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 126EXPL: 0CVE-2012-1964 – Mozilla: Clickjacking of certificate warning page (MFSA 2012-54)
https://notcve.org/view.php?id=CVE-2012-1964
18 Jul 2012 — The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element. La funcionalidad de aviso de certificados en browser/compone... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 9.8EPSS: 7%CPEs: 115EXPL: 0CVE-2012-1949
https://notcve.org/view.php?id=CVE-2012-1949
18 Jul 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v13.0, Thunderbird v5.0 a v13.0, y SeaMonkey antes de v2.11 permite a atacantes remotos causar una denegación de s... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 9.1EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1959 – Mozilla: Same-compartment Security Wrappers can be bypassed (MFSA 2012-49)
https://notcve.org/view.php?id=CVE-2012-1959
18 Jul 2012 — Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y Se... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 7%CPEs: 127EXPL: 0CVE-2012-1948 – Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)
https://notcve.org/view.php?id=CVE-2012-1948
18 Jul 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thu... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 8.8EPSS: 3%CPEs: 100EXPL: 0CVE-2011-3671 – Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3671
18 Jun 2012 — Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. Vulnerabilidad de uso después de la liberación en la anterior a v2.6, permite a atacantes remotos ejecutar código arbitrario mediante la vectores que implican la eliminación del nodo padre de un elemento. This vulner... • http://www.mozilla.org/security/announce/2012/mfsa2012-41.html • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 171EXPL: 0CVE-2012-1945 – Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)
https://notcve.org/view.php?id=CVE-2012-1945
05 Jun 2012 — Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. Mozilla Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes d... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •