CVSS: 9.3EPSS: 3%CPEs: 23EXPL: 0CVE-2012-4183 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4183
Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función DOMSVGTests::GetRequiredFeatures en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html http://osvdb.org/86095 http://rhn.redhat.com/errata/RHSA-2012-1351.html http://secunia.com/advisories/50856 http://secunia.com/advisories/50892 http://secunia.com/advisories/50904 http://secunia.com/advisories/50935 http://secunia.com/advisories/50936 http://secunia.com/advisories/50984 http://secunia.com/advisories/55318 http://www.mandriva.com/security/advisories?name=MDVSA-2012:163 http://www. • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 25EXPL: 1CVE-2012-3967 – Mozilla: WebGL use-after-free and memory corruption (MFSA 2012-62)
https://notcve.org/view.php?id=CVE-2012-3967
The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site. La implementación WebGL en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 en Linux, cuando un gran número de muestreos uniformes se utilizan, interactuando de forma no adecuada con los (drivers) Mesa, lo que permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de pila de memoria) a través de un sitio web manipulado. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-62.html http://www.securityfocus.com/bid/55277 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu&# • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 328EXPL: 0CVE-2012-1956 – Mozilla: Location object can be shadowed using Object.defineProperty (MFSA 2012-59)
https://notcve.org/view.php?id=CVE-2012-1956
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin. Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0 y SeaMonkey anterior a v2.12 no impiden el uso del método Object.defineProperty a la sombra de la localización de objetos (window.location aka), lo que hace que sea más fácil para los atacantes remotos realizar cross-site scripting (XSS ataques) a través de vectores relacionados con un plugin. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1351.html http://www.mozilla.org/security/announce/2012/mfsa2012-59.html http://www.securityfocus.com/bid/55260 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu.com/usn/USN-1548-2 https://bugzilla.mozilla.org&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 342EXPL: 0CVE-2012-3978 – Mozilla: Location object security checks bypassed by chrome code (MFSA 2012-70)
https://notcve.org/view.php?id=CVE-2012-3978
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. La función nsLocation::CheckURL en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 no sigue seguir correctamente el modelo de seguridad de ubicación de objeto, lo que permite a atacantes remotos evitar las restricciones de carga de contenido o posiblemente tener un impacto no especificado a través de vectores relacionados con el código de chrome. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.debian.org/security/2012/dsa-2553 http://www.debian.org/security/2012/dsa-2554 http://www.debian.org/security/2012/dsa-2556 http://www.mozilla. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 11%CPEs: 328EXPL: 0CVE-2012-3971
https://notcve.org/view.php?id=CVE-2012-3971
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Summer Institute of Linguistics (SIL) Graphite v2, cuando es usado en Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0, y SeaMonkey anterior a v2.12, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores relacionados con las funciones (1) Silf::readClassMap and (2) Pass::readPass. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://www.mozilla.org/security/announce/2012/mfsa2012-64.html http://www.securityfocus.com/bid/55304 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu.com/usn/USN-1548-2 https://bugzilla.mozilla.org/show_bug.cgi?id=753230 https://bugzilla.mozilla.org& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •