CVSS: 8.8EPSS: 16%CPEs: 145EXPL: 0CVE-2012-0454
https://notcve.org/view.php?id=CVE-2012-0454
14 Mar 2012 — Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 on 32-bit Windows 7 platforms allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving use of the file-open dialog in a child window, related to the IUnknown_QueryService function in the Windows shlwapi.dll library. Vulnerabilidad en la gestión de re... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 8%CPEs: 114EXPL: 0CVE-2012-0457 – Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14)
https://notcve.org/view.php?id=CVE-2012-0457
14 Mar 2012 — Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. Vulnerabilidad en la gestión de recursos en la función de nsSMILTimeValueSpec::ConvertBetweenTimeContainer en Mozilla Firefox antes de v3.6.28 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 26%CPEs: 140EXPL: 0CVE-2012-0462 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0462
14 Mar 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html •
CVSS: 6.1EPSS: 0%CPEs: 41EXPL: 0CVE-2012-0455 – Mozilla: XSS with Drag and Drop and Javascript: URL (MFSA 2012-13)
https://notcve.org/view.php?id=CVE-2012-0455
14 Mar 2012 — Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a "DragAndDropJacking" issue. Mozilla Firefox antes de v3.6.28 y v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thun... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 12%CPEs: 114EXPL: 0CVE-2012-0463
https://notcve.org/view.php?id=CVE-2012-0463
14 Mar 2012 — The nsWindow implementation in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 does not check the validity of an instance after event dispatching, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, as demonstrated by Mobile Firefox on Andr... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 5%CPEs: 114EXPL: 0CVE-2012-0461 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0461
14 Mar 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3.6.28 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html •
CVSS: 9.8EPSS: 17%CPEs: 140EXPL: 0CVE-2012-0459 – Mozilla: Crash when accessing keyframe cssText after dynamic modification (MFSA 2012-17)
https://notcve.org/view.php?id=CVE-2012-0459
14 Mar 2012 — The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via dynamic modification of a keyframe followed by access to the cssText of the keyframe. La implementación Hojas de Estilo en Cascada (CSS) en Mozilla Firefox 4.x hasta 10.0, 10.x Firefox ESR ant... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •