CVSS: 6.8EPSS: 2%CPEs: 12EXPL: 0CVE-2012-3984
https://notcve.org/view.php?id=CVE-2012-3984
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. Mozilla Firefox v16.0, Thunderbird antes de v16.0, y SeaMonkey antes de v2.13, no controla correctamente la navegación más allá de una página web que tiene activo un elemento de menú SELECT, lo que permite a atacantes remotos ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3985
https://notcve.org/view.php?id=CVE-2012-3985
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set. Mozilla Firefox v16.0, Thunderbird antes de v16.0, y SeaMonkey antes de v2.13, no aplica correctamente la política de mismo origen de HTML5, lo que permite a atacantes remotos realizar ataques de ejecución de comandos en sitios ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3989
https://notcve.org/view.php?id=CVE-2012-3989
10 Oct 2012 — Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site. Mozilla Firefox v16.0, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no realiza una conversión de una variable no especificada durant... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2012-3991 – Mozilla: GetProperty function can bypass security checks (MFSA 2012-81)
https://notcve.org/view.php?id=CVE-2012-3991
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no restringe... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 22EXPL: 0CVE-2012-3992 – Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84)
https://notcve.org/view.php?id=CVE-2012-3992
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 22EXPL: 0CVE-2012-4187 – Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
https://notcve.org/view.php?id=CVE-2012-4187
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and assertion failure) via unspecified vectors. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 328EXPL: 0CVE-2012-1956 – Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)
https://notcve.org/view.php?id=CVE-2012-1956
29 Aug 2012 — Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0 y SeaMonkey anterior a v2.12 no impiden el uso del método Object.defineProperty a la sombra de la localización de objetos (window.location a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2012-1970 – Mozilla: Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) (MFSA 2012-57)
https://notcve.org/view.php?id=CVE-2012-1970
29 Aug 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v15,0, Firefox ESR v10.x anterior a v10.0.7, Thunder... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 328EXPL: 0CVE-2012-1971
https://notcve.org/view.php?id=CVE-2012-1971
29 Aug 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox anterior a v15.0,y SeaMonkey anterior a v2.12 perm... • http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html •
CVSS: 10.0EPSS: 3%CPEs: 26EXPL: 0CVE-2012-1972 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1972
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditor::CollapseAdjacentTextNodes en Mozilla Firefox anterior a v15.0, Fire... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •