CVSS: 9.8EPSS: 40%CPEs: 23EXPL: 0CVE-2012-4186 – Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
https://notcve.org/view.php?id=CVE-2012-4186
10 Oct 2012 — Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en la función nsWaveReader::DecodeAudioData en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de v10.0.8, y SeaMonkey ant... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 379EXPL: 2CVE-2012-3993 – Mozilla Firefox 5.0 < 15.0.1 - __exposedProps__ XCS Code Execution
https://notcve.org/view.php?id=CVE-2012-3993
10 Oct 2012 — The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. La implementación Chrome Object Wrapper (COW) en Mozilla Firefox v16.0, Firefox ESR v10... • https://packetstorm.news/files/id/124564 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 6%CPEs: 22EXPL: 0CVE-2012-4185 – Mozilla: Heap memory corruption issues found using Address Sanitizer (MFSA 2012-86)
https://notcve.org/view.php?id=CVE-2012-4185
10 Oct 2012 — Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Desbordamiento de búfer en la función nsCharTraits::length en Mozilla Firefox v16.0, Firefox ESR v10.x antes de v10.0.8, Thunderbird antes de v16.0, Thunderbird ESR v10.x antes de... • http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 24EXPL: 0CVE-2012-3963 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3963
29 Aug 2012 — Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función js::gc::MapAllocToTraceKind en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, Thunderbird ES... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 9.3EPSS: 1%CPEs: 263EXPL: 0CVE-2012-3980 – Mozilla: Web console eval capable of executing chrome-privileged code (MFSA 2012-72)
https://notcve.org/view.php?id=CVE-2012-3980
29 Aug 2012 — The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. La consola web en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird anterior a v15.0, y Thunderbird ESR v10.x anterior a v10.0.7 permite a atacantes remotos a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 12%CPEs: 328EXPL: 0CVE-2012-3971
https://notcve.org/view.php?id=CVE-2012-3971
29 Aug 2012 — Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Summer Institute of Linguistics (SIL) Graphite v2, cuando es usado en Mozilla Firefox anterior a v15.0, Thunderbird anterior a v15.0, y SeaMonkey anterior a v2.12, permite a atacantes rem... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 24EXPL: 1CVE-2012-3961 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3961
29 Aug 2012 — Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la implementación RangeData en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7, Thunderbird a... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 342EXPL: 0CVE-2012-3978 – Mozilla: Location object security checks bypassed by chrome code (MFSA 2012-70)
https://notcve.org/view.php?id=CVE-2012-3978
29 Aug 2012 — The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. La función nsLocation::CheckURL en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 3%CPEs: 26EXPL: 0CVE-2012-1972 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1972
29 Aug 2012 — Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsHTMLEditor::CollapseAdjacentTextNodes en Mozilla Firefox anterior a v15.0, Fire... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 23%CPEs: 342EXPL: 0CVE-2012-3964 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-3964
29 Aug 2012 — Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función gfxTextRun::GetUserData en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x anterior a v10.0.7... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-399: Resource Management Errors CWE-416: Use After Free •