CVSS: 5.0EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5132
https://notcve.org/view.php?id=CVE-2012-5132
Google Chrome before 23.0.1271.91 allows remote attackers to cause a denial of service (application crash) via a response with chunked transfer coding. Google Chrome anterior a v23.0.1271.91 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de una respuesta con "chunked transfer coding" • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://osvdb.org/87887 http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=155711 https://exchange.xforce.ibmcloud.com/vulnerabilities/80293 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15040 •
CVSS: 5.0EPSS: 1%CPEs: 64EXPL: 0CVE-2012-5130
https://notcve.org/view.php?id=CVE-2012-5130
Skia, as used in Google Chrome before 23.0.1271.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Skia, como se usa en Google Chrome antes de v23.0.1271.91 permite a atacantes remotos provocar una denegación de servicio (lectura fuera de límites) a través de vectores no especificados • http://googlechromereleases.blogspot.com/2012/11/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html http://osvdb.org/87888 http://www.securityfocus.com/bid/56684 http://www.securitytracker.com/id?1027815 https://code.google.com/p/chromium/issues/detail?id=148638 https://exchange.xforce.ibmcloud.com/vulnerabilities/80292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15734 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 10%CPEs: 17EXPL: 0CVE-2012-4218
https://notcve.org/view.php?id=CVE-2012-4218
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Uso después de liberación en la función BuildTextRunsScanner::BreakSink::SetBreaks en Mozilla Firefox antes de v17.0, Thunderbird antes de v17.0 y SeaMonkey antes de v2.14 permite a los atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria dinámica) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia.com/advisories/51434 http:& • CWE-416: Use After Free •
CVSS: 7.5EPSS: 3%CPEs: 17EXPL: 0CVE-2012-5836
https://notcve.org/view.php?id=CVE-2012-5836
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text. Mozilla Firefox antes de 17.0, Thunderbird antes de 17.0 y SeaMonkey antes de 2.14 permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (caída de aplicación) a través de vectores relacionados con el establecimiento de las hojas de estilo en cascada (CSS), en relación con el texto SVG. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://osvdb.org/87593 http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 2%CPEs: 17EXPL: 1CVE-2012-4204
https://notcve.org/view.php?id=CVE-2012-4204
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. La función str_unescape en el motor Javascript en Mozilla Firefox antes de v17.0 Thunderbird antes de v17.0 y SeaMonkey antes v2.14, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html http://osvdb.org/87592 http://secunia.com/advisories/51369 http://secunia.com/advisories/51370 http://secunia.com/advisories/51381 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •