CVSS: 10.0EPSS: 59%CPEs: 127EXPL: 0CVE-2012-1954 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1954
18 Jul 2012 — Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. Una vulnerabilidad de uso después de liberación en la función nsDocument::adoptNode en Mozilla Firefox v4.x a... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1955 – Mozilla: Spoofing issue with location (MFSA 2012-45)
https://notcve.org/view.php?id=CVE-2012-1955
18 Jul 2012 — Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6, y SeaMonkey antes de v2.11 permiten a atacantes remotos falsificar los datos de la barra de direcciones a través... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 9.3EPSS: 29%CPEs: 127EXPL: 0CVE-2012-1952 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1952
18 Jul 2012 — The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. La función nsTableFrame::InsertFrames en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thun... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1953 – Mozilla: Gecko memory corruption (MFSA 2012-44)
https://notcve.org/view.php?id=CVE-2012-1953
18 Jul 2012 — The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. La función ElementAnimations::EnsureStyleRuleFor en Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 127EXPL: 0CVE-2012-1963 – Mozilla: Content Security Policy 1.0 implementation errors cause data leakage (MFSA 2012-53)
https://notcve.org/view.php?id=CVE-2012-1963
18 Jul 2012 — The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. La Política de Seguridad de Contenidos (CSP) en Mozilla Firefox v4.x a v13.0, Firefox ... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 8%CPEs: 127EXPL: 0CVE-2012-1958 – Mozilla: use-after-free in nsGlobalWindow::PageHidden (MFSA 2012-48)
https://notcve.org/view.php?id=CVE-2012-1958
18 Jul 2012 — Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. Una vulnerabilidad de uso después de liberación en la función de nsGlobalWindow::PageHidden en Mozilla Firefox v4.x av13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 127EXPL: 0CVE-2012-1967 – Mozilla: Code execution through javascript: URLs (MFSA 2012-56)
https://notcve.org/view.php?id=CVE-2012-1967
18 Jul 2012 — Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. Mozilla Firefox v4.x a v13.0, Firefox ESR v10.x antes de v10.0.6, Thunderbird v5.0 a v13.0, Thunderbird ESR v10.x antes de v10.0.6 y SeaMonkey antes de v2.11 no implementan adecuada... • http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html •
CVSS: 8.8EPSS: 3%CPEs: 100EXPL: 0CVE-2011-3671 – Mozilla Firefox nsHTMLSelectElement Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3671
18 Jun 2012 — Use-after-free vulnerability in the nsHTMLSelectElement function in nsHTMLSelectElement.cpp in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allows remote attackers to execute arbitrary code via vectors involving removal of the parent node of an element. Vulnerabilidad de uso después de la liberación en la anterior a v2.6, permite a atacantes remotos ejecutar código arbitrario mediante la vectores que implican la eliminación del nodo padre de un elemento. This vulner... • http://www.mozilla.org/security/announce/2012/mfsa2012-41.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 10%CPEs: 198EXPL: 0CVE-2012-0441 – nss: NSS parsing errors with zero length items
https://notcve.org/view.php?id=CVE-2012-0441
05 Jun 2012 — The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. El decodificador ASN.1 en el decodificador QuickDER... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 171EXPL: 0CVE-2012-1945 – Mozilla: Information disclosure though Windows file shares and shortcut files (MFSA 2012-37)
https://notcve.org/view.php?id=CVE-2012-1945
05 Jun 2012 — Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba. Mozilla Firefox v4.x a v12.0, Firefox ESR v10.x antes de v10.0.5, Thunderbird v5.0 a v12.0, Thunderbird ESR v10.x antes d... • http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •