CVSS: 7.5EPSS: 10%CPEs: 100EXPL: 0CVE-2011-3671 – Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3671
Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. Vulnerabilidad de uso después de la liberación en la anterior a v2.6, permite a atacantes remotos ejecutar código arbitrario mediante la vectores que implican la eliminación del nodo padre de un elemento. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within nsINode::ReplaceOrInsertBefore() in content/base/src/nsGenericElement.cpp. A use-after-free condition can be triggered by adding an already parented option element to an option collection and then removing its associated select element during an event handler execution. • http://www.mozilla.org/security/announce/2012/mfsa2012-41.html https://bugzilla.mozilla.org/show_bug.cgi?id=739343 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 13%CPEs: 171EXPL: 0CVE-2012-1947 – Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
https://notcve.org/view.php?id=CVE-2012-1947
Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Desbordamiento de búfer en Mozilla Firefox v4.x hasta v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5, y SeaMonkey antes de v2.10, permite a atacantes remotos ejecutar código arbitrario a través de vectores que provocan un fallo en la conversión del juego de caracteres. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.debian.org/security/2012/dsa-2488 http://www.debian.org/security/2012/dsa-2489 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-40.html https://bugzill • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 171EXPL: 0CVE-2012-1937 – Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
https://notcve.org/view.php?id=CVE-2012-1937
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5 y SeaMonkey antes v2.10 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://rhn.redhat.com/errata/RHSA-2012-0710.html http://rhn.redhat.com/errata/RHSA-2012-0715.html http://www.debian.org/security/2012/dsa-2488 http://www.debian.org/security/2012/dsa-2489 http://www.debian.org/security/2012/dsa-2499 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/securi •
CVSS: 5.0EPSS: 10%CPEs: 198EXPL: 0CVE-2012-0441 – nss: NSS parsing errors with zero length items
https://notcve.org/view.php?id=CVE-2012-0441
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. El decodificador ASN.1 en el decodificador QuickDER en Mozilla Network Security Services (NSS) antes de v3.13.4, como se usa en Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird VSG v10.x antes de v10.0.5, y SeaMonkey antes de v2.10, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) a través de un elemento de longitud cero, como lo demuestra (1) una restricción básica de longitud cero o (2) un campo de longitud cero en una respuesta de OCSP. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html http://secunia.com/advisories/49976 http://secunia.com/advisories/50316 http://www.debian.org/security/2012/dsa-2490 http://www.mandriva.com/security/advisories?name=MDVSA-2012:088 http://www.mozilla.org/security/announce/2012/mfsa2012-39.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocu • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2012-1942
https://notcve.org/view.php?id=CVE-2012-1942
The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context. Los servicios de actualización 'Mozilla Updater' y 'Windows Updater' en Mozilla Firefox v12.0, Thunderbird v12.0 y SeaMonkey v2.9 en Windows permite a usuarios locales obtener privilegios mediante la carga de un archivo DLL en un contexto privilegiado. • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html http://www.mozilla.org/security/announce/2012/mfsa2012-35.html http://www.mozilla.org/security/announce/2013/mfsa2013-45.html https://bugzilla.mozilla.org/show_bug.cgi?id=748764 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16951 • CWE-264: Permissions, Privileges, and Access Controls •