CVSS: 9.8EPSS: 18%CPEs: 171EXPL: 0CVE-2012-1941 – Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
https://notcve.org/view.php?id=CVE-2012-1941
05 Jun 2012 — Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Un desbordamiento de búfer basado en memoria dinámica en la función nsHTMLReflowState::CalculateHypothetic... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 171EXPL: 0CVE-2012-1946 – Mozilla: Use-after-free while replacing/inserting a node in a document (MFSA 2012-38)
https://notcve.org/view.php?id=CVE-2012-1946
05 Jun 2012 — Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node. Vulnerabilidad de error en la gestión de recursos en la función nsINode::ReplaceOrInsertBefore en Mozilla Firefox v4.x hasta v12.0, Firefox ESR v10.x ant... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 18%CPEs: 171EXPL: 0CVE-2012-1947 – Mozilla: Buffer overflow and use-after-free issues found using Address Sanitizer (MFSA 2012-40)
https://notcve.org/view.php?id=CVE-2012-1947
05 Jun 2012 — Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Desbordamiento de búfer en Mozilla Firefox v4.x hasta v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes de v10.0.5, y SeaMonkey ant... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3079 – Debian Security Advisory 3260-1
https://notcve.org/view.php?id=CVE-2011-3079
01 May 2012 — The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de a... • http://code.google.com/p/chromium/issues/detail?id=117627 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 3%CPEs: 165EXPL: 0CVE-2012-0478 – Mozilla: Crash with WebGL content using textImage2D (MFSA 2012-30)
https://notcve.org/view.php?id=CVE-2012-0478
25 Apr 2012 — The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. La implementación de texImage2D en el subsistema WebGL en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunde... • http://secunia.com/advisories/48972 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 26%CPEs: 165EXPL: 0CVE-2012-0467 – Mozilla: Miscellaneous memory safety hazards (rv:12.0/ rv:10.0.4) (MFSA 2012-20)
https://notcve.org/view.php?id=CVE-2012-0467
25 Apr 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, ... • http://secunia.com/advisories/48920 •
CVSS: 6.1EPSS: 0%CPEs: 165EXPL: 0CVE-2012-0474 – Mozilla: Page load short-circuit can lead to XSS (MFSA 2012-27)
https://notcve.org/view.php?id=CVE-2012-0474
25 Apr 2012 — Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)." Múltiples vulnerabilidades de ejcución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v4.x hasta v11.0, Firefox ESR... • http://secunia.com/advisories/48972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 15%CPEs: 166EXPL: 0CVE-2012-0469 – Mozilla: use-after-free in IDBKeyRange (MFSA 2012-22)
https://notcve.org/view.php?id=CVE-2012-0469
25 Apr 2012 — Use-after-free vulnerability in the mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to execute arbitrary code via vectors related to crafted IndexedDB data. Vulnerabilidad de error en la gestión de recursos en la función mozilla::dom::indexedDB::IDBKeyRange::cycleCollection::Trace en Mozilla Firefox v4.x ... • http://secunia.com/advisories/48972 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 165EXPL: 0CVE-2012-0479 – Mozilla: Potential site identity spoofing when loading RSS and Atom feeds (MFSA 2012-33)
https://notcve.org/view.php?id=CVE-2012-0479
25 Apr 2012 — Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to spoof the address bar via an https URL for invalid (1) RSS or (2) Atom XML content. Mozilla Firefox v4.x hasta v11.0, Firefox ESR v10.x antes de v10.0.4, Thunderbird v5.0 hasta v11.0, Thunderbird ESR v10.x antes de v10.0.4, y SeaMonkey antes de v2.9 permite a atacantes remotos falsificar la barra de dirección a través de una UR... • http://secunia.com/advisories/48920 •
CVSS: 9.8EPSS: 4%CPEs: 164EXPL: 0CVE-2012-0472 – Mozilla: Potential memory corruption during font rendering using cairo-dwrite (MFSA 2012-25)
https://notcve.org/view.php?id=CVE-2012-0472
25 Apr 2012 — The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9, when certain Windows Vista and Windows 7 configurations are used, does not properly restrict font-rendering attempts, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. La implementación de cairo-dwrite en Mozilla Firefox v4.x hast... • http://secunia.com/advisories/48972 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •