Page 28 of 139 results (0.084 seconds)

CVSS: 4.3EPSS: 0%CPEs: 127EXPL: 0

CVE-2012-1961 – Mozilla: X-Frame-Options header ignored when duplicated (MFSA 2012-51)

https://notcve.org/view.php?id=CVE-2012-1961

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR 10.x antes de v10.0.6, y SeaMonkey antes de v2.11 no manejan correctamente los valores duplicados en las cabeceras X-Frame-Options, lo que hace que sea más fácil para los atacantes remotos el realizar ataques de clickjacking a través de un elemento FRAME que referencie a un sitio web que produce estos valores duplicados. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84003 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 31%CPEs: 127EXPL: 0

CVE-2012-1962 – Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)

https://notcve.org/view.php?id=CVE-2012-1962

Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. Una vulnerabilidad de uso después de liberación en la función JSDependentString::undepend en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores relacionados con cadenas con múltiples dependencias. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84004 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 4%CPEs: 127EXPL: 0

CVE-2012-1948 – Mozilla: Miscellaneous memory safety hazards (rv:14.0/ rv:10.0.6) (MFSA 2012-42)

https://notcve.org/view.php?id=CVE-2012-1948

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84007 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49963 http://secunia.com/advisories/49964 http://secunia.com/advisories/49965 http:// •

CVSS: 4.3EPSS: 0%CPEs: 127EXPL: 0

CVE-2012-1957 – Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)

https://notcve.org/view.php?id=CVE-2012-1957

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. Una utilidad de parseo no especificado en Mozilla Firefox v4.x a v13.0v, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 no maneja adecuadamente los elementos EMBED dentro de los elementos de descripción de los canales RSS, lo que permite a atacantes remotos llevar a cabo ataques de ejecución de comandos en sitios cruzados (XSS) a través de un feed. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84000 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •