CVSS: 10.0EPSS: 26%CPEs: 165EXPL: 0CVE-2012-0467 – Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)
https://notcve.org/view.php?id=CVE-2012-0467
25 Apr 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, ... • http://secunia.com/advisories/48920 •
CVSS: 6.1EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0474 – Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)
https://notcve.org/view.php?id=CVE-2012-0474
25 Apr 2012 — Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." Múltiples vulnerabilidades de ejcución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR... • http://secunia.com/advisories/48972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 15%CPEs: 166EXPL: 0CVE-2012-0469 – Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)
https://notcve.org/view.php?id=CVE-2012-0469
25 Apr 2012 — Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. Vulnerabilidad de error en la gestión de recursos en la función mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace en Mozilla Firefox v4.x ... • http://secunia.com/advisories/48972 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 165EXPL: 0CVE-2012-0479 – Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33)
https://notcve.org/view.php?id=CVE-2012-0479
25 Apr 2012 — Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 permite a atacantes remotos falsificar la barra de dirección a través de una UR... • http://secunia.com/advisories/48920 •
CVSS: 10.0EPSS: 16%CPEs: 157EXPL: 0CVE-2012-0468 – Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)
https://notcve.org/view.php?id=CVE-2012-0468
25 Apr 2012 — The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. El motor del navegador en en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a ... • http://secunia.com/advisories/48972 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 164EXPL: 0CVE-2012-0472 – Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)
https://notcve.org/view.php?id=CVE-2012-0472
25 Apr 2012 — The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. La implementación de cairo-dwrite en Mozilla Firefox v4.x hast... • http://secunia.com/advisories/48972 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0473 – Mozilla: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error (MFSA 2012-26)
https://notcve.org/view.php?id=CVE-2012-0473
25 Apr 2012 — The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. La función WebGLBuffer::FindMaxUshortElement en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes d... • http://secunia.com/advisories/48972 • CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0477 – Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)
https://notcve.org/view.php?id=CVE-2012-0477
25 Apr 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. Múltiples vulnerabilidades de ejcución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 ... • http://secunia.com/advisories/48920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 20%CPEs: 166EXPL: 0CVE-2012-0470 – Mozilla: Invalid frees causes heap corruption in gfxImageSurface (MFSA 2012-23)
https://notcve.org/view.php?id=CVE-2012-0470
25 Apr 2012 — Heap-based buffer overflow in the nsSVGFEDiffuseLightingElement::LightPixel function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (invalid gfxImageSurface free operation) or possibly execute arbitrary code by leveraging the use of "different number systems." Desbordamiento de búfer basado en memoria dinámica en Mozilla Firefox v4.x hasta v11.... • http://secunia.com/advisories/48920 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0471 – Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24)
https://notcve.org/view.php?id=CVE-2012-0471
25 Apr 2012 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. Ejecución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey a... • http://secunia.com/advisories/48920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •