Page 57 of 672 results (0.019 seconds)

CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0

CVE-2011-3079

https://notcve.org/view.php?id=CVE-2011-3079

The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de ataque no especificados. • http://code.google.com/p/chromium/issues/detail?id=117627 http://googlechromereleases.blogspot.com/2012/04/stable-channel-update_30.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00012.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html http://osvdb.org/81645 http://rhn.redhat.com/errata/RHSA-2015-1012.html http://secunia.com/advisories/48992 http://www.debian.org/securi • CWE-399: Resource Management Errors •

CVSS: 2.6EPSS: 1%CPEs: 157EXPL: 0

CVE-2012-0475

https://notcve.org/view.php?id=CVE-2012-0475

Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields. Mozilla Firefox v4.x hasta v11.0, Thunderbird v5.0 hasta v11.0, y SeaMonkey antes de v2.9 no construye adecuadamente las cabeceras HTTP Origin y Sec-WebSocket-Origin, lo que podría permite a atacantes remotos evitar una ACL literal de IPv6 a través de una operación de sitio cruzado (1) XMLHttpRequest or (2) WebSocket que involucre un número de puerto no estándar y una dirección IPv6 que contiene ciertos campos cero. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2012/mfsa2012-28.html http://www.securityfocus.com/bid/53230 https://bugzilla.mozilla.org/show_bug.cgi?id=694576 https://exchange.xforce.ibmcloud.com/vulnerabilities/75153 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16279 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 9.3EPSS: 3%CPEs: 164EXPL: 0

CVE-2012-0472 – Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)

https://notcve.org/view.php?id=CVE-2012-0472

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. La implementación de cairo-dwrite en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 cuando se usan algunas configuraciones de Windows Vista y Windows 7, no restringe adecuadamente los intentos de renderizado de fuente, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores no especificados. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-25.html http://www.securityfocus.com/bid/53218 https://bugzilla.mozilla.org/show_bug.cgi?id=744480 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067 https://access.redhat.com/security/cve/CVE • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 0%CPEs: 165EXPL: 0

CVE-2012-0474 – Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)

https://notcve.org/view.php?id=CVE-2012-0474

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." Múltiples vulnerabilidades de ejcución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores relacionados con carga de páginas corto-circuitadas, también conocido como "Universal XSS" (UXSS) • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-27.html http://www.securityfocus.com/bid/53228 https://bugzilla.mozilla.org/show_bug.cgi?id=687745 https://bugzilla.mozilla.org/show_bug.cgi?id=737307 https://oval.cisecurity.org/repository/sea • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 165EXPL: 0

CVE-2012-0473 – Mozilla: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error (MFSA 2012-26)

https://notcve.org/view.php?id=CVE-2012-0473

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. La función WebGLBuffer::FindMaxUshortElement en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 llama a la función FindMaxElementInSubArray con argumentos de plantilla incorrectos, lo que permite a atacantes remotos obtener información sensible de la memoria de video a través de una llamada modificada a WebGL.drawElements. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-26.html http://www.securityfocus.com/bid/53231 https://bugzilla.mozilla.org/show_bug.cgi?id=743475 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113 https: • CWE-189: Numeric Errors •