CVSS: 9.8EPSS: 6%CPEs: 114EXPL: 0CVE-2012-0464 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0464
14 Mar 2012 — Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. Vulnerabilidad en la gestión de recursos en el motor del navegador de Mozilla Firefox v3.6... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 41EXPL: 0CVE-2012-0455 – Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13)
https://notcve.org/view.php?id=CVE-2012-0455
14 Mar 2012 — Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. Mozilla Firefox antes de v3.6.28 y v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thun... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 140EXPL: 0CVE-2012-0451 – Mozilla: XSS with multiple Content Security Policy headers (MFSA 2012-15)
https://notcve.org/view.php?id=CVE-2012-0451
14 Mar 2012 — CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote web servers to bypass intended Content Security Policy (CSP) restrictions and possibly conduct cross-site scripting (XSS) attacks via crafted HTTP headers. Vulnerabilidad de inyección de falsificación de peticiones en sitios cruzados en Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Th... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 114EXPL: 0CVE-2012-0456 – Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14)
https://notcve.org/view.php?id=CVE-2012-0456
14 Mar 2012 — The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. La implementación de filtros SVG en Mozilla Firefox antes de v3.6.28 y v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird antes de v3.1.20 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 26%CPEs: 140EXPL: 0CVE-2012-0462 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0462
14 Mar 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html •
CVSS: 9.8EPSS: 5%CPEs: 114EXPL: 0CVE-2012-0461 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0461
14 Mar 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3.6.28 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html •
CVSS: 9.8EPSS: 1%CPEs: 114EXPL: 1CVE-2012-0458 – Mozilla: Escalation of privilege with Javascript: URL as home page (MFSA 2012-16)
https://notcve.org/view.php?id=CVE-2012-0458
14 Mar 2012 — Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. Mozilla Firefox antes de v3.6.28 ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 16%CPEs: 3EXPL: 0CVE-2012-0452
https://notcve.org/view.php?id=CVE-2012-0452
11 Feb 2012 — Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, Thunderbird 10.x before 10.0.1, and SeaMonkey 2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger failure of an nsXBLDocumentInfo::ReadPrototypeBindings function call, related to the cycle collector's access to a hash table containing a stale XBL binding. Vulnerabilidad de uso después de liberar en Mozilla Firefox v10.x anteriores a v10.0.1, Thunderbird v10... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00012.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 60%CPEs: 126EXPL: 0CVE-2012-0443
https://notcve.org/view.php?id=CVE-2012-0443
01 Feb 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta la v9.0, Thunderbird v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una deneg... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html •
CVSS: 9.8EPSS: 93%CPEs: 13EXPL: 2CVE-2011-3659 – Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3659
01 Feb 2012 — Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Una vulnerabilidad de uso después de liberaciónen Mozilla Firefox antes de v3.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de... • https://www.exploit-db.com/exploits/18870 • CWE-416: Use After Free •