Page 64 of 689 results (0.014 seconds)

CVSS: 9.3EPSS: 3%CPEs: 15EXPL: 1

CVE-2012-0442 – Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)

https://notcve.org/view.php?id=CVE-2012-0442

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3v.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.debian.org/security/2012/dsa-2400 http://www.debian.org/security/2012/dsa-2402 http://www.debian.org/security/2012/dsa-2406 http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-01.html h •

CVSS: 9.3EPSS: 92%CPEs: 13EXPL: 2

CVE-2011-3659 – Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-3659

Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Una vulnerabilidad de uso después de liberaciónen Mozilla Firefox antes de v3.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores relacionados con notificaciones AttributeChildRemoved incorrectas que afectan el acceso a nodos hijos nsDOMAttribute. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles nsDOMAttribute child removal. It is possible to remove a child without setting the removed child pointer to NULL, thus leaving it still accessible as a dangling pointer. • https://www.exploit-db.com/exploits/18870 http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html http://www.mandriva.com/security/advisories?name=MDVSA-2012:013 http://www.mozilla.org/security/announce/2012/mfsa2012-04.html https://bugzilla.mozilla.org/show_bug.cgi?id=708198 https://oval.cisecurity.org/repository/search/definit • CWE-416: Use After Free •

CVSS: 7.5EPSS: 95%CPEs: 3EXPL: 1

CVE-2011-3658 – Mozilla Firefox nsSVGValue Out-of-Bounds Access Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2011-3658

The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and SeaMonkey 2.5 does not properly interact with DOMAttrModified event handlers, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via vectors involving removal of SVG elements. La implementación de SVG en Mozilla Firefox v8.0, Thunderbird v8.0, y SeaMonkey v2.6, no interactua correctamente con los manejadores de eventos DOMAttrModified, lo que permite a atacantes remotos provocar una denegación de servicio (acceso fuera de límites de memoria) o posiblemente tener otro impacto no especificado a través de vectores que implican la eliminación de elementos SVG. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of nsSVGValue observers. A certain method call can be made to loop excessively causing an out-of-bounds memory access. • https://www.exploit-db.com/exploits/18847 http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html http://osvdb.org/77953 http://secunia.com/advisories/47302 http://secunia.com/advisories/47334 http://secunia.com/advisories/48495 http://secunia.com/advisories/48553 http://secunia.com/advisories/48823 http://secunia.com/advi • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 5%CPEs: 100EXPL: 0

CVE-2011-3665

https://notcve.org/view.php?id=CVE-2011-3665

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling. Mozilla Firefox v4.x hasta v8.0, Thunderbird v5.0 hasta v8.0, y SeaMonkey antes de v2.6, permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de un elemento VIDEO Ogg que no sea manipulado apropiadamente despues del escalado. • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00009.html http://osvdb.org/77956 http://secunia.com/advisories/47302 http://secunia.com/advisories/47334 http://www.mandriva.com/security/advisories?name=MDVSA-2011:192 http://www.mozilla.org/security/announce/2011/mfsa2011-58.html http://www.securitytracker.com/id?1026445 http://www.securitytracker.com/id?1026446 http://www.securitytracker.com/id • CWE-399: Resource Management Errors •

CVSS: 6.8EPSS: 1%CPEs: 326EXPL: 0

CVE-2011-3664

https://notcve.org/view.php?id=CVE-2011-3664

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site. Mozilla Firefox antes de v9.0, Thunderbird antes de v9.0, y SeaMonkey antes de v2.6 en Mac OS X, no maneja apropiadamente algunos supresiones de marcos DOM por los complementos, lo que permite a atacantes remotos provocar una denegación de servicio (desreferencia a puntero incorrecto y caída de la aplicacion) o posiblemente tener otros impactos no especificados a través de un sitio web modificado. • http://secunia.com/advisories/47302 http://secunia.com/advisories/47334 http://www.mozilla.org/security/announce/2011/mfsa2011-57.html http://www.securitytracker.com/id?1026445 http://www.securitytracker.com/id?1026446 http://www.securitytracker.com/id?1026447 https://bugzilla.mozilla.org/show_bug.cgi?id=649079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14574 •