CVE-2012-3963 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3963
Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función js::gc::MapAllocToTraceKind en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-58.html http://www.securityfocus.com/bid/55340 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu • CWE-416: Use After Free •
CVE-2012-3968 – Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62)
https://notcve.org/view.php?id=CVE-2012-3968
Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor. Vulnerabilidad de liberación después de uso en la implementación WebGL en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con la eliminación de un fragmento (shader) debido al acceso. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-62.html http://www.securityfocus.com/bid/55276 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu • CWE-416: Use After Free •
CVE-2012-3957 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3957
Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función nsBlockFrame::MarkLineDirty en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-58.html http://www.securityfocus.com/bid/55341 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2012-3970 – Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)
https://notcve.org/view.php?id=CVE-2012-3970
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movement of a requiredFeatures attribute from one SVG document to another. Vulnerabilidad de liberación después de uso en la función nsTArray_base::Length en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción memoria dinámica) a través de vectores relacionados con el movimiento de un atributo requiredFeatures de un documento SVG a otro. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-63.html http://www.securityfocus.com/bid/55278 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2012-3974
https://notcve.org/view.php?id=CVE-2012-3974
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. Vulnerabilidad de búsqueda no segura de ruta en el instalador en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7 en Windows permite a usuarios locales obtener privilegios a través de un archivo ejecutable de tipo troyano, situado en un directorio raíz. • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://www.mozilla.org/security/announce/2012/mfsa2012-67.html http://www.securityfocus.com/bid/55312 http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf https://bugzilla.mozilla.org/show_bug.cgi?id=770478 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16692 • CWE-399: Resource Management Errors •