CVSS: 9.8EPSS: 3%CPEs: 140EXPL: 0CVE-2012-0459 – Mozilla: Crash when accessing keyframe cssText after dynamic modification (MFSA 2012-17)
https://notcve.org/view.php?id=CVE-2012-0459
14 Mar 2012 — The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. La implementación Hojas de Estilo en Cascada (CSS) en Mozilla Firefox 4.x hasta 10.0, 10.x Firefox ESR ant... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 140EXPL: 0CVE-2012-0460 – Mozilla: window.fullScreen writeable by untrusted content (MFSA 2012-18)
https://notcve.org/view.php?id=CVE-2012-0460
14 Mar 2012 — Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict write access to the window.fullScreen object, which allows remote attackers to spoof the user interface via a crafted web page. Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird v5.0 a v10.0, Thunderbird ESR v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 no restringe el acceso de escritura al o... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 114EXPL: 0CVE-2012-0461 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0461
14 Mar 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3.6.28 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html •
CVSS: 9.8EPSS: 2%CPEs: 140EXPL: 0CVE-2012-0462 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0462
14 Mar 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html •
CVSS: 9.8EPSS: 4%CPEs: 114EXPL: 0CVE-2012-0463
https://notcve.org/view.php?id=CVE-2012-0463
14 Mar 2012 — The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Andr... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 114EXPL: 0CVE-2012-0464 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0464
14 Mar 2012 — Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. Vulnerabilidad en la gestión de recursos en el motor del navegador de Mozilla Firefox v3.6... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 316EXPL: 0CVE-2011-3670 – Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
https://notcve.org/view.php?id=CVE-2011-3670
01 Feb 2012 — Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Mozilla Firefox antes de v3.6.26 y v4.x hasta la v6.0, Thunderbird antes de v3.1.18 y v5.0 a v6.0 y SeaMonkey antes de v2.4 no aplican correctamente la sintaxis de direcciones IPv6 literales,... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 15EXPL: 1CVE-2012-0442 – Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)
https://notcve.org/view.php?id=CVE-2012-0442
01 Feb 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3v.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html •
CVSS: 10.0EPSS: 2%CPEs: 126EXPL: 0CVE-2012-0443
https://notcve.org/view.php?id=CVE-2012-0443
01 Feb 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta la v9.0, Thunderbird v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una deneg... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html •
CVSS: 7.5EPSS: 0%CPEs: 126EXPL: 0CVE-2012-0445
https://notcve.org/view.php?id=CVE-2012-0445
01 Feb 2012 — Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 permiten a atacantes remotos evitar la política de "frame-navigation" HTML5 y reemplazar sub-frames arbitrarios creando un objetivo de envío de formul... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html • CWE-264: Permissions, Privileges, and Access Controls •