Page 58 of 660 results (0.045 seconds)

CVSS: 9.3EPSS: 3%CPEs: 164EXPL: 0

CVE-2012-0472 – Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)

https://notcve.org/view.php?id=CVE-2012-0472

The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. La implementación de cairo-dwrite en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 cuando se usan algunas configuraciones de Windows Vista y Windows 7, no restringe adecuadamente los intentos de renderizado de fuente, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) o posiblemente ejecutar código de su elección a través de vectores no especificados. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-25.html http://www.securityfocus.com/bid/53218 https://bugzilla.mozilla.org/show_bug.cgi?id=744480 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17067 https://access.redhat.com/security/cve/CVE • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 0%CPEs: 165EXPL: 0

CVE-2012-0473 – Mozilla: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error (MFSA 2012-26)

https://notcve.org/view.php?id=CVE-2012-0473

The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. La función WebGLBuffer::FindMaxUshortElement en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 llama a la función FindMaxElementInSubArray con argumentos de plantilla incorrectos, lo que permite a atacantes remotos obtener información sensible de la memoria de video a través de una llamada modificada a WebGL.drawElements. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-26.html http://www.securityfocus.com/bid/53231 https://bugzilla.mozilla.org/show_bug.cgi?id=743475 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16113 https: • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 10%CPEs: 157EXPL: 0

CVE-2012-0468 – Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)

https://notcve.org/view.php?id=CVE-2012-0468

The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function. El motor del navegador en en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a atacantes remotos provocar una denegación de servicio o posiblemente ejecutar código de su elección a través de vectores relacionados con jsval.h y la función js::array_shift. • http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security/announce/2012/mfsa2012-20.html http://www.securityfocus.com/bid/53221 https://bugzilla.mozilla.org/show_bug.cgi?id=714616 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16771 https: • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 10.0EPSS: 21%CPEs: 165EXPL: 0

CVE-2012-0467 – Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)

https://notcve.org/view.php?id=CVE-2012-0467

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://secunia.com/advisories/48920 http://secunia.com/advisories/48922 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.debian.org/security/2012/dsa-2457 http://www.debian.org/security/2012/dsa-2458 http://www.debian.org/security/2012/dsa-2464 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security •

CVSS: 4.3EPSS: 1%CPEs: 165EXPL: 0

CVE-2012-0479 – Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33)

https://notcve.org/view.php?id=CVE-2012-0479

Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 permite a atacantes remotos falsificar la barra de dirección a través de una URL https hacia contenido no válido (1) RSS o (2) Atom XML. • http://secunia.com/advisories/48920 http://secunia.com/advisories/48922 http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.debian.org/security/2012/dsa-2457 http://www.debian.org/security/2012/dsa-2458 http://www.debian.org/security/2012/dsa-2464 http://www.mandriva.com/security/advisories?name=MDVSA-2012:066 http://www.mandriva.com/security/advisories?name=MDVSA-2012:081 http://www.mozilla.org/security •