CVSS: 7.5EPSS: 3%CPEs: 198EXPL: 0CVE-2012-0441 – nss: NSS parsing errors with zero length items
https://notcve.org/view.php?id=CVE-2012-0441
05 Jun 2012 — The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. El decodificador ASN.1 en el decodificador QuickDER... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 171EXPL: 0CVE-2012-1937 – Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
https://notcve.org/view.php?id=CVE-2012-1937
05 Jun 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thu... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html •
CVSS: 9.8EPSS: 5%CPEs: 171EXPL: 0CVE-2012-1947 – Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
https://notcve.org/view.php?id=CVE-2012-1947
05 Jun 2012 — Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Desbordamiento de búfer en Mozilla Firefox v4.x hasta v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5, y SeaMonkey ant... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3079 – Debian Security Advisory 3260-1
https://notcve.org/view.php?id=CVE-2011-3079
01 May 2012 — The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de a... • http://code.google.com/p/chromium/issues/detail?id=117627 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 165EXPL: 0CVE-2012-0467 – Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)
https://notcve.org/view.php?id=CVE-2012-0467
25 Apr 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, ... • http://secunia.com/advisories/48920 •
CVSS: 7.5EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0479 – Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33)
https://notcve.org/view.php?id=CVE-2012-0479
25 Apr 2012 — Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 permite a atacantes remotos falsificar la barra de dirección a través de una UR... • http://secunia.com/advisories/48920 •
CVSS: 6.1EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0474 – Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)
https://notcve.org/view.php?id=CVE-2012-0474
25 Apr 2012 — Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." Múltiples vulnerabilidades de ejcución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR... • http://secunia.com/advisories/48972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0478 – Mozilla: Crash with WebGL content using textImage2D (MFSA 2012-30)
https://notcve.org/view.php?id=CVE-2012-0478
25 Apr 2012 — The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. La implementación de texImage2D en el subsistema WebGL en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunde... • http://secunia.com/advisories/48972 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0471 – Mozilla: Potential XSS via multibyte content processing errors (MFSA 2012-24)
https://notcve.org/view.php?id=CVE-2012-0471
25 Apr 2012 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set. Ejecución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey a... • http://secunia.com/advisories/48920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0473 – Mozilla: WebGL.drawElements may read illegal video memory due to FindMaxUshortElement error (MFSA 2012-26)
https://notcve.org/view.php?id=CVE-2012-0473
25 Apr 2012 — The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. La función WebGLBuffer::FindMaxUshortElement en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes d... • http://secunia.com/advisories/48972 • CWE-189: Numeric Errors •