CVSS: 10.0EPSS: 6%CPEs: 17EXPL: 0CVE-2012-4218
https://notcve.org/view.php?id=CVE-2012-4218
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función BuildTextRunsScanner::BreakSink::SetBreaks en Mozilla Firefox antes de v17.0, Thunderbird antes de v17.0 y SeaMonkey antes de v2.14 permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http:& • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 19EXPL: 1CVE-2012-4213
https://notcve.org/view.php?id=CVE-2012-4213
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función nsEditor::FindNextLeafNode en Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0, y SeaMonkey antes de 2.14 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http:& • CWE-416: Use After Free •
CVSS: 10.0EPSS: 6%CPEs: 17EXPL: 0CVE-2012-4212
https://notcve.org/view.php?id=CVE-2012-4212
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función XPCWrappedNative::Mark en Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0, y SeaMonkey antes de 2.14 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http:& • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 171EXPL: 0CVE-2012-5837
https://notcve.org/view.php?id=CVE-2012-5837
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. Web Developer Toolbar en Mozilla Firefox antes de v17.0 ejecuta comandos con privilegios de chrome, que permite a atacantes remotos asistidos por el usuario para realizar ataques de ejecución de secuencias de comandos en sitios cruzados (XSS) a través de una cadena de caracteres manipulada. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://osvdb.org/87586 http://secunia.com/advisories/51369 http://secunia.com/advisories/51434 http://secunia.com/advisories/51439 http://www. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 184EXPL: 0CVE-2012-4206
https://notcve.org/view.php?id=CVE-2012-4206
Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. Vulnerabilidad de no confianza de ruta de búsqueda en el instalador de Mozilla Firefox anterior a v17.0 y Firefox ESR v10.x anterior a v10.0.11 en Windows permite a usuarios locales obtener privilegios a través de un troyano DLL en el directorio predeterminado de descargas. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://www.mozilla.org/security/announce/2012/mfsa2012-98.html https://bugzilla.mozilla.org/show_bug.cgi?id=792106 https://exchange.xforce.ibmcloud.com/vulnerabilities/80176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16991 •