Page 194 of 1317 results (0.041 seconds)

CVSS: 10.0EPSS: 11%CPEs: 166EXPL: 0

CVE-2012-0469 – Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)

https://notcve.org/view.php?id=CVE-2012-0469

Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. Vulnerabilidad de error en la gestión de recursos en la función mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con datos IndexedBD modificados. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-22.html http://www.securityfocus.com/bid/53220 https://bugzilla.mozilla.org/show_bug.cgi?id=738985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16734 https: • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 9.3EPSS: 6%CPEs: 164EXPL: 0

CVE-2012-0472 – Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)

https://notcve.org/view.php?id=CVE-2012-0472

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. La implementación de cairo-dwrite en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 cuando se usan algunas configuraciones de Windows Vista y Windows 7, no restringe adecuadamente los intentos de renderizado de fuente, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores no especificados. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-25.html http://www.securityfocus.com/bid/53218 https://bugzilla.mozilla.org/show_bug.cgi?id=744480 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067 https://access.redhat.com/security/cve/CVE • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 2%CPEs: 165EXPL: 0

CVE-2012-0478 – Mozilla: Crash with WebGL content using textImage2D (MFSA 2012-30)

https://notcve.org/view.php?id=CVE-2012-0478

The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. La implementación de texImage2D en el subsistema WebGL en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 no restringe adecuadamente conversiones JSVAL_TO_OBJECT, lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de una página web modificada. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-30.html http://www.securityfocus.com/bid/53227 https://bugzilla.mozilla.org/show_bug.cgi?id=727547 https://exchange.xforce.ibmcloud.com/vulnerabilities/75155 https://oval.cisecurity.org/repository/sea • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 165EXPL: 0

CVE-2012-0471 – Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24)

https://notcve.org/view.php?id=CVE-2012-0471

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. Ejecución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de conjuntos de caracteres multibyte. • http://secunia.com/advisories/48920 http://secunia.com/advisories/48922 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.debian.org/security/2012/dsa-2457 http://www.debian.org/security/2012/dsa-2458 http://www.debian.org/security/2012/dsa-2464 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 165EXPL: 0

CVE-2012-0477 – Mozilla: Potential XSS through ISO-2022-KR/ISO-2022-CN decoding issues (MFSA 2012-29)

https://notcve.org/view.php?id=CVE-2012-0477

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set. Múltiples vulnerabilidades de ejcución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de caracteres (1) ISO-2022-KR o (2) ISO-2022-CN • http://secunia.com/advisories/48920 http://secunia.com/advisories/48922 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.debian.org/security/2012/dsa-2457 http://www.debian.org/security/2012/dsa-2458 http://www.debian.org/security/2012/dsa-2464 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •