CVE-2012-0454
https://notcve.org/view.php?id=CVE-2012-0454
Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library. Vulnerabilidad en la gestión de recursos en Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird v5.0 a v10.0, Thunderbird ESR v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 en plataformas 32-bit de Windows 7, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores relacionados con el uso del cuadro de diálogo abrir archivo en una ventana secundaria, relacionada con la función IUnknown_QueryService en la librería de Windows shlwapi.dll. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://secunia.com/advisories/48402 http://secunia.com/advisories/48561 http://secunia.com/advisories/48629 http://www.mandriva.com/security/advisories?name=MDVSA-2012:032 http://www.mozilla.org/security/announce/2012/mfsa2012-12.html http://www.securitytracker.com/id?1026801 http://www.securitytracker.com/id?1026803 http://www.securitytracker.com/id?1026804 https://bugzilla.mozilla.org/show_bug.cgi? • CWE-399: Resource Management Errors •
CVE-2012-0457 – Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14)
https://notcve.org/view.php?id=CVE-2012-0457
Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. Vulnerabilidad en la gestión de recursos en la función de nsSMILTimeValueSpec::ConvertBetweenTimeContainer en Mozilla Firefox antes de v3.6.28 y v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird antes de v3.1.20 y v5.0 hasta v10.0, Thunderbird VSG v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 podría permitir a atacantes remotos ejecutar código arbitrario a través de una animación SVG. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48414 http://secunia.com/advisories/48495 http://secunia.com/advisories • CWE-399: Resource Management Errors •
CVE-2012-0459 – Mozilla: Crash when accessing keyframe cssText after dynamic modification (MFSA 2012-17)
https://notcve.org/view.php?id=CVE-2012-0459
The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. La implementación Hojas de Estilo en Cascada (CSS) en Mozilla Firefox 4.x hasta 10.0, 10.x Firefox ESR antes de 10.0.3, Thunderbird 5.0 hasta 10.0, Thunderbird ESR 10.x antes de 10.0.3, y SeaMonkey antes de 2.8 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario a través de la modificación dinámica de un fotograma clave seguido por el acceso al cssText del fotograma clave. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories/48553 http://secunia.com/advisories/48561 http://secunia.com/adviso • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0461 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0461
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3.6.28 y 4.x hasta 10.0, Firefox ESR 10.x antes de 10.0.3, Thunderbird antes de 3.1.20 y 5.0 hasta 10.0, Thunderbird ESR 10.x antes de 10.0.3 , y SeaMonkey antes de 2.8 permite a atacantes remotos causar una denegación de servicio (corrupción de la memoria y la caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48414 http://secunia.com/advisories/48495 http://secunia.com/advisories •
CVE-2012-0462 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0462
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird v5.0 a v10.0, Thunderbird ESR v10.x antes de v10.0.3, y SeaMonkey antes de v2.8 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://rhn.redhat.com/errata/RHSA-2012-0387.html http://rhn.redhat.com/errata/RHSA-2012-0388.html http://secunia.com/advisories/48359 http://secunia.com/advisories/48402 http://secunia.com/advisories/48496 http://secunia.com/advisories/48513 http://secunia.com/advisories •