CVSS: 9.3EPSS: 8%CPEs: 127EXPL: 0CVE-2012-1958 – Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)
https://notcve.org/view.php?id=CVE-2012-1958
Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. Una vulnerabilidad de uso después de liberación en la función de nsGlobalWindow::PageHidden en Mozilla Firefox v4.x av13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6 y SeaMonkey antes de v2.11 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores relacionados con el contenido que tiene el foco. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84001 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 42%CPEs: 127EXPL: 0CVE-2012-1962 – Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)
https://notcve.org/view.php?id=CVE-2012-1962
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. Una vulnerabilidad de uso después de liberación en la función JSDependentString::undepend en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores relacionados con cadenas con múltiples dependencias. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84004 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 13%CPEs: 171EXPL: 0CVE-2012-1947 – Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
https://notcve.org/view.php?id=CVE-2012-1947
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Desbordamiento de búfer en Mozilla Firefox v4.x hasta v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5, y SeaMonkey antes de v2.10, permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan un fallo en la conversión del juego de caracteres. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.debian.org/security/2012/dsa-2488 http://www.debian.org/security/2012/dsa-2489 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-40.html https://bugzill • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 171EXPL: 0CVE-2012-1937 – Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
https://notcve.org/view.php?id=CVE-2012-1937
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5 y SeaMonkey antes v2.10 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.debian.org/security/2012/dsa-2488 http://www.debian.org/security/2012/dsa-2489 http://www.debian.org/security/2012/dsa-2499 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/securi •
CVSS: 5.0EPSS: 10%CPEs: 198EXPL: 0CVE-2012-0441 – nss: NSS parsing errors with zero length items
https://notcve.org/view.php?id=CVE-2012-0441
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. El decodificador ASN.1 en el decodificador QuickDER en Mozilla Network Security Services (NSS) antes de v3.13.4, como se usa en Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird VSG v10.x antes de v10.0.5, y SeaMonkey antes de v2.10, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un elemento de longitud cero, como lo demuestra (1) una restricción básica de longitud cero o (2) un campo de longitud cero en una respuesta de OCSP. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://secunia.com/advisories/49976 http://secunia.com/advisories/50316 http://www.debian.org/security/2012/dsa-2490 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-39.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •