CVSS: 8.8EPSS: 0%CPEs: 17EXPL: 0CVE-2012-4205
https://notcve.org/view.php?id=CVE-2012-4205
21 Nov 2012 — Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. Mozilla Firefox antes de v17.0 Thunderbird antes de v17.0 y SeaMonkey antes v2.14, asigna el principal sistema, en lugar del entorno de seguridad, a los objetos XMLHttpReq... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 2%CPEs: 26EXPL: 2CVE-2012-5835 – Mozilla: Use-after-free, buffer overflow, and memory corruption issues found using Address Sanitizer (MFSA 2012-106)
https://notcve.org/view.php?id=CVE-2012-5835
21 Nov 2012 — Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data. Desbordamiento de entero en el subsistema de WebGL en Mozilla Firefox antes de 17.0, Firefox ESR 10.x antes de 10.0.11, Thunderbird antes de 17.0, Thunderbird ESR 10.x antes de 10.0.11, y SeaMonke... • https://packetstorm.news/files/id/141118 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 6%CPEs: 26EXPL: 0CVE-2012-4202 – Mozilla: Buffer overflow while rendering GIF images (MFSA 2012-92)
https://notcve.org/view.php?id=CVE-2012-4202
21 Nov 2012 — Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF image. Un desbordamiento de búfer basado en memoria dinámica ('heap') en la función image::RasterImage::DrawFrameTo en Mozilla Firefox antes de v17.0, Firefox ESR v10.x antes de v10.0.11, Thunderbird antes de v17.0, ... • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 1%CPEs: 27EXPL: 1CVE-2012-4194 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4194
29 Oct 2012 — Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 do not prevent use of the valueOf method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Mozilla Firefox anteriores a v16.0.2, Firefox ESR v10.x anteriores a v10.0.10, Thunderbird anteriores a v16.0.2, Thunderbird ESR v10.x anteri... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 27EXPL: 1CVE-2012-4196 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4196
29 Oct 2012 — Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. Mozilla Firefox anteriores a v16.0.2, Firefox ESR v10.x anteriores a v10.0.10, Thunderbird anteriores a v16.0.2, Thunderbird ESR v10.x anteriores a v10.0.10, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.8EPSS: 1%CPEs: 27EXPL: 0CVE-2012-4195 – Mozilla: Fixes for Location object issues (MFSA 2012-90)
https://notcve.org/view.php?id=CVE-2012-4195
29 Oct 2012 — The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. La fu... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 1CVE-2012-4193 – Mozilla: defaultValue security checks not applied (MFSA 2012-89)
https://notcve.org/view.php?id=CVE-2012-4193
12 Oct 2012 — Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, Thunderbird before 16.0.1, Thunderbird ESR 10.x before 10.0.9, and SeaMonkey before 2.13.1 omit a security check in the defaultValue function during the unwrapping of security wrappers, which allows remote attackers to bypass the Same Origin Policy and read the properties of a Location object, or execute arbitrary JavaScript code, via a crafted web site. Mozilla Firefox anteriores a v16.0.1, Firefox ESR v10.x anteriores a v10.0.9, Thunderbird an... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-346: Origin Validation Error •
CVSS: 10.0EPSS: 3%CPEs: 24EXPL: 0CVE-2012-1976 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1976
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLSelectElement::SubmitNamesValues en Mozilla Firefox anterior a v15.0, Firefo... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 3%CPEs: 26EXPL: 0CVE-2012-3959 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3959
29 Aug 2012 — Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsRangeUpdater::SelAdjDeleteNode en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 0CVE-2012-3972 – Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
https://notcve.org/view.php?id=CVE-2012-3972
29 Aug 2012 — The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. La funcionalidad format-number en la implementación XSLT en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR ... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •