CVSS: 9.3EPSS: 17%CPEs: 342EXPL: 0CVE-2012-3969 – Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)
https://notcve.org/view.php?id=CVE-2012-3969
Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a heap-based buffer overflow. Desbordamiento de entero en la función nsSVGFEMorphologyElement::Filter en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código arbitrario a través de un filtro SVG manipulado que desencadena un cálculo de suma incorrecta, dando lugar a un desbordamiento de búfer basado en memoria dinámica. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.debian.org/security/2012/dsa-2553 http://www.debian.org/security/2012/dsa-2554 http://www.debian.org/security/2012/dsa-2556 http://www.mozilla. • CWE-189: Numeric Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 9%CPEs: 26EXPL: 0CVE-2012-1972 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1972
Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditor::CollapseAdjacentTextNodes en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.debian.org/security/2012/dsa-2553 http://www.debian.org/security/2012/dsa-2554 http://www.debian.org/security/2012/dsa-2556 http://www.mozilla. • CWE-416: Use After Free •
CVSS: 10.0EPSS: 10%CPEs: 24EXPL: 0CVE-2012-1976 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1976
Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLSelectElement::SubmitNamesValues en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.debian.org/security/2012/dsa-2553 http://www.debian.org/security/2012/dsa-2554 http://www.debian.org/security/2012/dsa-2556 http://www.mozilla. • CWE-416: Use After Free •
CVSS: 10.0EPSS: 21%CPEs: 342EXPL: 0CVE-2012-3958 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3958
Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditRules::DeleteNonTableElements en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.mozilla.org/security/announce/2012/mfsa2012-58.html http://www.securityfocus.com/bid/55323 http://www.ubuntu.com/usn/USN-1548-1 http://www.ubuntu&# • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 5.8EPSS: 0%CPEs: 26EXPL: 0CVE-2012-3972 – Mozilla: Out-of-bounds read in format-number in XSLT (MFSA 2012-65)
https://notcve.org/view.php?id=CVE-2012-3972
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. La funcionalidad format-number en la implementación XSLT en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ESR v10.x anterior a v10.0.7, y SeaMonkey anterior a v2.12 permite a atacantes remotos obtener información sensible a través de vectores no especificados que desencadenan un desbordamiento de búfer basado en memoria dinámica de lectura. • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html http://rhn.redhat.com/errata/RHSA-2012-1210.html http://rhn.redhat.com/errata/RHSA-2012-1211.html http://www.debian.org/security/2012/dsa-2553 http://www.debian.org/security/2012/dsa-2554 http://www.debian.org/security/2012/dsa-2556 http://www.mozilla. • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •