CVSS: 10.0EPSS: 31%CPEs: 127EXPL: 0CVE-2012-1962 – Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)
https://notcve.org/view.php?id=CVE-2012-1962
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. Una vulnerabilidad de uso después de liberación en la función JSDependentString::undepend en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores relacionados con cadenas con múltiples dependencias. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84004 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 4%CPEs: 127EXPL: 0CVE-2012-1948 – Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)
https://notcve.org/view.php?id=CVE-2012-1948
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84007 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49963 http://secunia.com/advisories/49964 http://secunia.com/advisories/49965 http:// •
CVSS: 7.5EPSS: 10%CPEs: 100EXPL: 0CVE-2011-3671 – Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3671
Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. Vulnerabilidad de uso después de la liberación en la anterior a v2.6, permite a atacantes remotos ejecutar código arbitrario mediante la vectores que implican la eliminación del nodo padre de un elemento. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nsINode::ReplaceOrInsertBefore() in content/base/src/nsGenericElement.cpp. A use-after-free condition can be triggered by adding an already parented option element to an option collection and then removing its associated select element during an event handler execution. • http://www.mozilla.org/security/announce/2012/mfsa2012-41.html https://bugzilla.mozilla.org/show_bug.cgi?id=739343 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 13%CPEs: 171EXPL: 0CVE-2012-1947 – Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
https://notcve.org/view.php?id=CVE-2012-1947
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Desbordamiento de búfer en Mozilla Firefox v4.x hasta v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5, y SeaMonkey antes de v2.10, permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan un fallo en la conversión del juego de caracteres. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.debian.org/security/2012/dsa-2488 http://www.debian.org/security/2012/dsa-2489 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-40.html https://bugzill • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 171EXPL: 0CVE-2012-1937 – Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
https://notcve.org/view.php?id=CVE-2012-1937
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5 y SeaMonkey antes v2.10 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.debian.org/security/2012/dsa-2488 http://www.debian.org/security/2012/dsa-2489 http://www.debian.org/security/2012/dsa-2499 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/securi •