Page 23 of 205 results (0.012 seconds)

CVSS: 6.8EPSS: 0%CPEs: 22EXPL: 0

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no previene el acceso a las propiedades de un prototipo para una clase estandar, lo que permite a atacantes remotos ejecutar código JavaScript de su elección con privilegios chrome a través de una pagina web manipulada. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://osvdb.org/86113 http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50984 http://secunia.com/advisories/55318 http://www.mandriva.com/security/advisories?name=MDVSA-2012:163 http://www.mozilla.org/security/announce/2012/mfsa2012-83.html http://www.securityfocus.com/bid/56120 http://www.ubuntu.c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 2%CPEs: 23EXPL: 0

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la funciónn sHTMLCSSUtils::CreateCSSPropertyTxn en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50856 http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50935 http://secunia.com/advisories/50936 http://secunia.com/advisories/50984 http://secunia.com/advisories/51181 http://secunia.com/advisories/55318 http://www.debian.org/security/2012/dsa-2565 http://www.debian&# • CWE-125: Out-of-bounds Read CWE-416: Use After Free •

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils (aka nsDOMWindowUtils) methods, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no restringe correctamente las llamadas a métodos DOMWindowUtils (alias nsDOMWindowUtils), lo que permite a atacantes remotos evitar las restricciones de acceso a través de código JavaScript manipulado. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50856 http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50935 http://secunia.com/advisories/50936 http://secunia.com/advisories/50984 http://secunia.com/advisories/51181 http://secunia.com/advisories/55318 http://www.debian.org/security/2012/dsa-2565 http://www.debian&# • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 6%CPEs: 22EXPL: 0

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code via vectors involving use of mozRequestFullScreen to enter full-screen mode, and use of the history.back method for backwards history navigation. Vulnerabilidad de uso después de liberación en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, podría permitir a atacantes remotos ejecutar código de su elección a través de vectores que implican el uso de mozRequestFullScreen para acceder al modo de pantalla completa y usar el método history.back para usar el historial de navegación. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://osvdb.org/86109 http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50856 http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50935 http://secunia.com/advisories/50936 http://secunia.com/advisories/50984 http://secunia.com/advisories/55318 http://www.mandriva.com/security/advisories?name=MDVSA-2012:163 http://www. • CWE-416: Use After Free •

CVSS: 9.3EPSS: 71%CPEs: 23EXPL: 0

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en la función nsWaveReader::DecodeAudioData en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://osvdb.org/86117 http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50856 http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50935 http://secunia.com/advisories/50936 http://secunia.com/advisories/50984 http://secunia.com/advisories/51181 http://secunia.com/advisories/55318 http://www.debian.org/security/2012/dsa& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •