CVE-2012-0445
https://notcve.org/view.php?id=CVE-2012-0445
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 permiten a atacantes remotos evitar la política de "frame-navigation" HTML5 y reemplazar sub-frames arbitrarios creando un objetivo de envío de formulario ("form submission target") con un atributo de nombre de sub-frame. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://osvdb.org/78735 http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-03.html http://www.securityfocus.com/bid/51765 https://bugzilla.mozilla.org/show_bug.cgi?id=701071 https://exchange.xforce.ibmcloud.com/vulnerabilities/72835 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0446
https://notcve.org/view.php?id=CVE-2012-0446
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. Múltiples vuelnerabilidades de ejccución de secuencias de comandos en sitios cruzados en Mozilla Firefox v4.x hasta v9.0, Thunderbird v5.0 hasta v9.0, y SeaMonkey antes de v2.7, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un (1) pagina web o (2) extensión de Firefox, relacionados con la aplicación incorrecta de las restricciones de seguridad XPConnect de secuencias de comandos de tramas que llaman a objetos que no son de confianza. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-05.html http://www.securityfocus.com/bid/51752 https://bugzilla.mozilla.org/show_bug.cgi?id=705651 https://exchange.xforce.ibmcloud.com/vulnerabilities/72837 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-0450
https://notcve.org/view.php?id=CVE-2012-0450
Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. Mozilla Firefox 4.x hasta la versión 9.0 y SeaMonkey anteriores a la 2.7 en Linux y Mac OS X establecen permisos débiles para Firefox Recovery Key.html, lo que puede permitir a usuarios locales leer una clave Firefox Sync a través de un operación del sistema de archivos estándar. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://osvdb.org/78741 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-09.html https://bugzilla.mozilla.org/show_bug.cgi?id=716868 https://exchange.xforce.ibmcloud.com/vulnerabilities/72869 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14670 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-0447
https://notcve.org/view.php?id=CVE-2012-0447
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 no inicializan apropiadamente datos de imágenes image/vnd.microsoft.icon, lo que permite a atacantes remotos obtener información potencialmente sensible leyendo una imagen PNG creada a través de una imagen ICO. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://secunia.com/advisories/49055 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-06.html https://bugzilla.mozilla.org/show_bug.cgi?id=710079 https://exchange.xforce.ibmcloud.com/vulnerabilities/72856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14912 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-0443
https://notcve.org/view.php?id=CVE-2012-0443
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta la v9.0, Thunderbird v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-01.html https://bugzilla.mozilla.org/show_bug.cgi?id=665578 https://bugzilla.mozilla.org/show_bug.cgi?id=684938 https://bugzilla.mozilla.org/show_bug.cgi?id=692817 https://bugzilla.mozilla.org/show_bug.cgi? •