CVSS: 4.3EPSS: 0%CPEs: 126EXPL: 0CVE-2012-0446
https://notcve.org/view.php?id=CVE-2012-0446
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. Múltiples vuelnerabilidades de ejccución de secuencias de comandos en sitios cruzados en Mozilla Firefox v4.x hasta v9.0, Thunderbird v5.0 hasta v9.0, y SeaMonkey antes de v2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un (1) pagina web o (2) extensión de Firefox, relacionados con la aplicación incorrecta de las restricciones de seguridad XPConnect de secuencias de comandos de tramas que llaman a objetos que no son de confianza. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-05.html http://www.securityfocus.com/bid/51752 https://bugzilla.mozilla.org/show_bug.cgi?id=705651 https://exchange.xforce.ibmcloud.com/vulnerabilities/72837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 123EXPL: 0CVE-2012-0450
https://notcve.org/view.php?id=CVE-2012-0450
Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. Mozilla Firefox 4.x hasta la versión 9.0 y SeaMonkey anteriores a la 2.7 en Linux y Mac OS X establecen permisos débiles para Firefox Recovery Key.html, lo que puede permitir a usuarios locales leer una clave Firefox Sync a través de un operación del sistema de archivos estándar. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://osvdb.org/78741 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-09.html https://bugzilla.mozilla.org/show_bug.cgi?id=716868 https://exchange.xforce.ibmcloud.com/vulnerabilities/72869 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14670 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 126EXPL: 0CVE-2012-0447
https://notcve.org/view.php?id=CVE-2012-0447
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 no inicializan apropiadamente datos de imágenes image/vnd.microsoft.icon, lo que permite a atacantes remotos obtener información potencialmente sensible leyendo una imagen PNG creada a través de una imagen ICO. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-06.html https://bugzilla.mozilla.org/show_bug.cgi?id=710079 https://exchange.xforce.ibmcloud.com/vulnerabilities/72856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14912 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 59%CPEs: 126EXPL: 0CVE-2012-0443
https://notcve.org/view.php?id=CVE-2012-0443
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta la v9.0, Thunderbird v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=665578 https://bugzilla.mozilla.org/show_bug.cgi?id=684938 https://bugzilla.mozilla.org/show_bug.cgi?id=692817 https://bugzilla.mozilla.org/show_bug.cgi? •
CVSS: 5.0EPSS: 0%CPEs: 316EXPL: 0CVE-2011-3670 – Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
https://notcve.org/view.php?id=CVE-2011-3670
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Mozilla Firefox antes de v3.6.26 y v4.x hasta la v6.0, Thunderbird antes de v3.1.18 y v5.0 a v6.0 y SeaMonkey antes de v2.4 no aplican correctamente la sintaxis de direcciones IPv6 literales, lo que permite a atacantes remotos obtener información sensible mediante la realización de llamadas XMLHttpRequest a través de un proxy y leyendo los mensajes de error. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.debian.org/security/2012/dsa-2400 http://www.debian.org/security/2012/dsa-2402 http://www.debian.org/security/2012/dsa-2406 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-02.html h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •