Page 199 of 1313 results (0.015 seconds)

CVSS: 9.3EPSS: 3%CPEs: 15EXPL: 1

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3v.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.debian.org/security/2012/dsa-2400 http://www.debian.org/security/2012/dsa-2402 http://www.debian.org/security/2012/dsa-2406 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-01.html h •

CVSS: 9.3EPSS: 92%CPEs: 13EXPL: 2

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Una vulnerabilidad de uso después de liberaciónen Mozilla Firefox antes de v3.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores relacionados con notificaciones AttributeChildRemoved incorrectas que afectan el acceso a nodos hijos nsDOMAttribute. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles nsDOMAttribute child removal. It is possible to remove a child without setting the removed child pointer to NULL, thus leaving it still accessible as a dangling pointer. • https://www.exploit-db.com/exploits/18870 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-04.html https://bugzilla.mozilla.org/show_bug.cgi?id=708198 https://oval.cisecurity.org/repository/search/definit • CWE-416: Use After Free •

CVSS: 6.8EPSS: 0%CPEs: 226EXPL: 0

Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-2372 on Mac OS X. Mozilla Firefox antes de v3.6.25 y Thunderbird antes de v3.1.17 en Mac OS X no consideran los archivos .jar como ejecutables, lo que permite a atacantes remotos asistidos por el usurio evitar las restricciones de acceso intecionadas a través de un archivo. NOTA: esta vulnerabilidad existe debido a una solución incorrecta de CVE-2011-2372 en Mac OS X. • http://www.mozilla.org/security/announce/2011/mfsa2011-59.html http://www.securitytracker.com/id?1026445 http://www.securitytracker.com/id?1026447 https://bugzilla.mozilla.org/show_bug.cgi?id=704622 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14831 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 95%CPEs: 3EXPL: 1

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. La implementación de SVG en Mozilla Firefox v8.0, Thunderbird v8.0, y SeaMonkey v2.6, no interactua correctamente con los manejadores de eventos DOMAttrModified, lo que permite a atacantes remotos provocar una denegación de servicio (acceso fuera de límites de memoria) o posiblemente tener otro impacto no especificado a través de vectores que implican la eliminación de elementos SVG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. • https://www.exploit-db.com/exploits/18847 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://osvdb.org/77953 http://secunia.com/advisories/47302 http://secunia.com/advisories/47334 http://secunia.com/advisories/48495 http://secunia.com/advisories/48553 http://secunia.com/advisories/48823 http://secunia.com/advi • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 5%CPEs: 100EXPL: 0

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling. Mozilla Firefox v4.x hasta v8.0, Thunderbird v5.0 hasta v8.0, y SeaMonkey antes de v2.6, permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un elemento VIDEO Ogg que no sea manipulado apropiadamente despues del escalado. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html http://osvdb.org/77956 http://secunia.com/advisories/47302 http://secunia.com/advisories/47334 http://www.mandriva.com/security/advisories?name=MDVSA-2011:192 http://www.mozilla.org/security/announce/2011/mfsa2011-58.html http://www.securitytracker.com/id?1026445 http://www.securitytracker.com/id?1026446 http://www.securitytracker.com/id • CWE-399: Resource Management Errors •