CVSS: 10.0EPSS: 42%CPEs: 127EXPL: 0CVE-2012-1962 – Mozilla: JSDependentString:: undepend string conversion results in memory corruption (MFSA 2012-52)
https://notcve.org/view.php?id=CVE-2012-1962
Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. Una vulnerabilidad de uso después de liberación en la función JSDependentString::undepend en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores relacionados con cadenas con múltiples dependencias. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84004 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1957 – Mozilla: Improper filtering of javascript in HTML feed-view (MFSA 2012-47)
https://notcve.org/view.php?id=CVE-2012-1957
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. Una utilidad de parseo no especificado en Mozilla Firefox v4.x a v13.0v, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 no maneja adecuadamente los elementos EMBED dentro de los elementos de descripción de los canales RSS, lo que permite a atacantes remotos llevar a cabo ataques de ejecución de comandos en sitios cruzados (XSS) a través de un feed. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/84000 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1953 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1953
The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. La función ElementAnimations::EnsureStyleRuleFor en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permite a atacantes remotos causar una denegación de servicio (sobre-lectura de búfer, desreferencia a puntero nulo, y un desbordamiento de búfer basado en memoria dinámica 'heap') o posiblemente ejecutar código de su elección a través de un sitio web diseñado para tal fin. • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html http://osvdb.org/83998 http://rhn.redhat.com/errata/RHSA-2012-1088.html http://secunia.com/advisories/49965 http://secunia.com/advisories/49968 http://secunia.com/advisories/49972 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3079
https://notcve.org/view.php?id=CVE-2011-3079
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de ataque no especificados. • http://code.google.com/p/chromium/issues/detail?id=117627 http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://osvdb.org/81645 http://rhn.redhat.com/errata/RHSA-2015-1012.html http://secunia.com/advisories/48992 http://www.debian.org/securi • CWE-399: Resource Management Errors •