CVE-2012-4206
https://notcve.org/view.php?id=CVE-2012-4206
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. Vulnerabilidad de no confianza de ruta de búsqueda en el instalador de Mozilla Firefox anterior a v17.0 y Firefox ESR v10.x anterior a v10.0.11 en Windows permite a usuarios locales obtener privilegios a través de un troyano DLL en el directorio predeterminado de descargas. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://www.mozilla.org/security/announce/2012/mfsa2012-98.html https://bugzilla.mozilla.org/show_bug.cgi?id=792106 https://exchange.xforce.ibmcloud.com/vulnerabilities/80176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16991 •
CVE-2012-5838
https://notcve.org/view.php?id=CVE-2012-5838
The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions. La implementación de copyTextImage2D en el susbistema WebGL en Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0 y SeaMonkey antes de 2.14, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de grandes dimensiones de la imagen. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://osvdb.org/87599 http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2012-4205
https://notcve.org/view.php?id=CVE-2012-4205
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on. Mozilla Firefox antes de v17.0 Thunderbird antes de v17.0 y SeaMonkey antes v2.14, asigna el principal sistema, en lugar del entorno de seguridad, a los objetos XMLHttpRequest creados en entornos controlados, lo que permite a atacantes remotos realizar falsificación de peticiones en sitios cruzados (CSRF) u obtener información sensible mediante el aprovechamiento del complemento de entorno controlado. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http:& • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2012-4203
https://notcve.org/view.php?id=CVE-2012-4203
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. Página en nueva pestaña en Mozilla Firefox antes de v17.0, utiliza un contexto con privilegios elevados para la ejecución de código javascript de bookmarklets, lo que permite a atacantes remotos asistidos por el usuario ejecutar programas arbitrarios mediante el aprovechamiento de una javascript: URL de un marcador. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://secunia.com/advisories/51369 http://secunia.com/advisories/51434 http://secunia.com/advisories/51439 http://www.mozilla.org/security/announce/2012/mfsa2012-95.html http://www.securityfocus.com/bid/56623 http • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-4208
https://notcve.org/view.php?id=CVE-2012-4208
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site. La implementación XrayWrapper en Mozilla Firefox anterior a v17.0, Thunderbird anterior a v17.0, y SeaMonkey anterior a v2.14 no considera el compartimiento durante la característica de filtrado, permitiendo a atacantes remotos eludir las restricciones chrome-only sobre la lectura de propiedades de objetos DOM mediante un sitio manipulado. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http:& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •