CVSS: 10.0 • EPSS: 88% • CPEs: 19 • EXPL: 1

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of Ogg Vorbis media files. By crafting a stream with specific values, it is possible to cause a decoding loop that copies memory to write controlled data beyond the end of a fixed size buffer.

• http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
  http://secunia.com/advisories/48043
  http://secunia.com/advisories/48095
  http://www.debian.org/security/2012/dsa-2400
  http://www.debian.org/security/2012/dsa-2402
  http://www.debian.org/security/2012/dsa-2406
  http://www.mandriva.com/security/advisories?name=MDVSA-
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 • EPSS: 2% • CPEs: 15 • EXPL: 0

Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

• http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html
  http://www.debian.org/security/2012/dsa-2400
  http://www.debian.org/security/2012/dsa-2402
  http://www.debian.org/security/2012/dsa-2406
  http://www.mandriva.com/security/advisories?name=MDVSA-2012:013
  http://www.mozilla.org/security/announce/2012/mfsa2012-08.html
  h
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 • EPSS: 1% • CPEs: 326 • EXPL: 0

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.

• http://secunia.com/advisories/47302
  http://secunia.com/advisories/47334
  http://www.mozilla.org/security/announce/2011/mfsa2011-57.html
  http://www.securitytracker.com/id?1026445
  http://www.securitytracker.com/id?1026446
  http://www.securitytracker.com/id?1026447
  https://bugzilla.mozilla.org/show_bug.cgi?id=649079
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14574

CVSS: 6.8 • EPSS: 0% • CPEs: 226 • EXPL: 0

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X.

• http://www.mozilla.org/security/announce/2011/mfsa2011-59.html
  http://www.securitytracker.com/id?1026445
  http://www.securitytracker.com/id?1026447
  https://bugzilla.mozilla.org/show_bug.cgi?id=704622
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14831
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 5% • CPEs: 100 • EXPL: 0

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling.

• http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html
  http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html
  http://osvdb.org/77956
  http://secunia.com/advisories/47302
  http://secunia.com/advisories/47334
  http://www.mandriva.com/security/advisories?name=MDVSA-2011:192
  http://www.mozilla.org/security/announce/2011/mfsa2011-58.html
  http://www.securitytracker.com/id?1026445
  http://www.securitytracker.com/id?1026446
  http://www.securitytracker.com/id
• CWE-399: Resource Management Errors