CVSS: 7.5EPSS: 7%CPEs: 114EXPL: 0CVE-2012-0461 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0461
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3.6.28 y 4.x hasta 10.0, Firefox ESR 10.x antes de 10.0.3, Thunderbird antes de 3.1.20 y 5.0 hasta 10.0, Thunderbird ESR 10.x antes de 10.0.3 , y SeaMonkey antes de 2.8 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y la caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48414 http://secunia.com/advisories/48495 http://secunia.com/advisories •
CVSS: 7.5EPSS: 55%CPEs: 114EXPL: 0CVE-2012-0463
https://notcve.org/view.php?id=CVE-2012-0463
The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Android. La implementación nsWindow en el motor del navegador de Mozilla Firefox 3.6.28 y antes de 4.x través de 10.0, Firefox ESR 10.x antes de 10.0.3, Thunderbird antes de 3.1.20 y 5.0 hasta 10.0, Thunderbird ESR 10.x antes de 10.0.3 , y SeaMonkey antes de 2.8 no comprueba la validez de una instancia después de distribución de eventos, que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, como lo demuestra el Firefox Mobile en Android . • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://secunia.com/advisories/48402 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/advisories/48624 http://secunia.com/advisories/48629 http://www.mozilla.org/security/announce/2012/mfsa2012-19.html http://www.securityfocus.com/bid&# • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 9%CPEs: 114EXPL: 0CVE-2012-0464 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0464
Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. Vulnerabilidad en la gestión de recursos en el motor del navegador de Mozilla Firefox v3.6.28 y antes de 4.x través de v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird antes de v3.1.20 y v5.0 a través de v10.0, v10.x Thunderbird ESR antes de v10.0.3, y SeaMonkey v2.8 antes de que permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un argumento vacío a la función Array.join en conjunto con la activación de la recolección de basura. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://pwn2own.zerodayinitiative.com/status.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48414 http://secunia.com • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 316EXPL: 0CVE-2011-3670 – Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
https://notcve.org/view.php?id=CVE-2011-3670
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Mozilla Firefox antes de v3.6.26 y v4.x hasta la v6.0, Thunderbird antes de v3.1.18 y v5.0 a v6.0 y SeaMonkey antes de v2.4 no aplican correctamente la sintaxis de direcciones IPv6 literales, lo que permite a atacantes remotos obtener información sensible mediante la realización de llamadas XMLHttpRequest a través de un proxy y leyendo los mensajes de error. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.debian.org/security/2012/dsa-2400 http://www.debian.org/security/2012/dsa-2402 http://www.debian.org/security/2012/dsa-2406 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-02.html h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 2%CPEs: 15EXPL: 0CVE-2012-0449 – Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)
https://notcve.org/view.php?id=CVE-2012-0449
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. Mozilla Firefox antes de v3.6.26 y v4.x hasta v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta v9.0, y SeaMonkey antes de v2.7, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de una hoja de estilos XSLT que se encuentra embebida en un documento. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.debian.org/security/2012/dsa-2400 http://www.debian.org/security/2012/dsa-2402 http://www.debian.org/security/2012/dsa-2406 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-08.html h • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •