CVSS: 9.8EPSS: 5%CPEs: 23EXPL: 0CVE-2012-3990 – Mozilla: Use-after-free in the IME State Manager (MFSA 2012-87)
https://notcve.org/view.php?id=CVE-2012-3990
10 Oct 2012 — Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function. Vulnerabilidad de uso después de liberación en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2012-3991 – Mozilla: GetProperty function can bypass security checks (MFSA 2012-81)
https://notcve.org/view.php?id=CVE-2012-3991
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, no restringe... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3992 – Mozilla: Spoofing and script injection through location.hash (MFSA 2012-84)
https://notcve.org/view.php?id=CVE-2012-3992
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 77%CPEs: 379EXPL: 2CVE-2012-3993 – Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution
https://notcve.org/view.php?id=CVE-2012-3993
10 Oct 2012 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox v16.0, Firefox ESR v10... • https://packetstorm.news/files/id/124564 • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3994 – Mozilla: top object and location property accessible by plugins (MFSA 2012-82)
https://notcve.org/view.php?id=CVE-2012-3994
10 Oct 2012 — Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property. Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 22EXPL: 0CVE-2012-3995 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-3995
10 Oct 2012 — The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors. La función IsCSSWordSpacingSpace en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey antes de v2.13, permite a ... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 5%CPEs: 23EXPL: 0CVE-2012-4179 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4179
10 Oct 2012 — Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la funciónn sHTMLCSSUtils::CreateCSSPropertyTxn en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v1... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.3EPSS: 9%CPEs: 23EXPL: 0CVE-2012-4180 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4180
10 Oct 2012 — Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en memoria dinámica en la función nsHTMLEditor::IsPrevCharInNodeWhitespace en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird E... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 3%CPEs: 16EXPL: 0CVE-2012-4181 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4181
10 Oct 2012 — Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsSMILAnimationController::DoSample en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •
CVSS: 9.3EPSS: 4%CPEs: 23EXPL: 0CVE-2012-4182 – Mozilla: Use-after-free, buffer overflow, and out of bounds read issues found using Address Sanitizer (MFSA 2012-85)
https://notcve.org/view.php?id=CVE-2012-4182
10 Oct 2012 — Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad de uso después de liberación en la función nsTextEditRules::WillInsert en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-125: Out-of-bounds Read CWE-416: Use After Free •