CVSS: 10.0EPSS: 3%CPEs: 26EXPL: 0CVE-2012-1974 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1974
29 Aug 2012 — Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función gfxTextRun::CanBreakLineBefore en Mozilla Firefox anterior a v15.0, Firefox ESR v10.x ante... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 26EXPL: 0CVE-2012-1970 – Mozilla: Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) (MFSA 2012-57)
https://notcve.org/view.php?id=CVE-2012-1970
29 Aug 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anterior a v15,0, Firefox ESR v10.x anterior a v10.0.7, Thunder... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 3%CPEs: 26EXPL: 0CVE-2012-1973 – Mozilla: Multiple Use-after-free issues (MFSA 2012-58)
https://notcve.org/view.php?id=CVE-2012-1973
29 Aug 2012 — Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. Vulnerabilidad usar-después-liberar(use-after-free) en la función nsObjectLoadingContent::LoadObject en Mozilla Firefox anterior a v15.0, Firefox ESR v1... • http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 2%CPEs: 21EXPL: 3CVE-2012-1938 – Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)
https://notcve.org/view.php?id=CVE-2012-1938
05 Jun 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firef... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3079 – Debian Security Advisory 3260-1
https://notcve.org/view.php?id=CVE-2011-3079
01 May 2012 — The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de a... • http://code.google.com/p/chromium/issues/detail?id=117627 • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3062 – Mozilla: Off-by-one error in OpenType Sanitizer (MFSA 2012-31)
https://notcve.org/view.php?id=CVE-2011-3062
30 Mar 2012 — Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file. Error de tipo "Off-by-one" en OpenType Sanitizer en Google Chrome anterior a v18.0.1025.142 permite a atacantes remotos causar una denegación de servicio o posiblemente tener un impacto no especificado a través de un archivo modificado de OpenType. • http://code.google.com/p/chromium/issues/detail?id=116524 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-682: Incorrect Calculation •
CVSS: 8.8EPSS: 0%CPEs: 114EXPL: 0CVE-2012-0456 – Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14)
https://notcve.org/view.php?id=CVE-2012-0456
14 Mar 2012 — The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. La implementación de filtros SVG en Mozilla Firefox antes de v3.6.28 y v4.x hasta v10.0, Firefox ESR v10.x antes de v10.0.3, Thunderbird antes de v3.1.20 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 114EXPL: 1CVE-2012-0458 – Mozilla: Escalation of privilege with Javascript: URL as home page (MFSA 2012-16)
https://notcve.org/view.php?id=CVE-2012-0458
14 Mar 2012 — Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context. Mozilla Firefox antes de v3.6.28 ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 114EXPL: 0CVE-2012-0464 – Mozilla: Miscellaneous memory safety hazards (rv:11.0/ rv:10.0.3 / rv:1.9.2.28) (MFSA 2012-19)
https://notcve.org/view.php?id=CVE-2012-0464
14 Mar 2012 — Use-after-free vulnerability in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allows remote attackers to execute arbitrary code via vectors involving an empty argument to the array.join function in conjunction with the triggering of garbage collection. Vulnerabilidad en la gestión de recursos en el motor del navegador de Mozilla Firefox v3.6... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 8%CPEs: 114EXPL: 0CVE-2012-0457 – Mozilla: SVG issues found with Address Sanitizer (MFSA 2012-14)
https://notcve.org/view.php?id=CVE-2012-0457
14 Mar 2012 — Use-after-free vulnerability in the nsSMILTimeValueSpec::ConvertBetweenTimeContainer function in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to execute arbitrary code via an SVG animation. Vulnerabilidad en la gestión de recursos en la función de nsSMILTimeValueSpec::ConvertBetweenTimeContainer en Mozilla Firefox antes de v3.6.28 y ... • http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html • CWE-399: Resource Management Errors •