CVSS: 10.0EPSS: 60%CPEs: 126EXPL: 0CVE-2012-0443
https://notcve.org/view.php?id=CVE-2012-0443
01 Feb 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x hasta la v9.0, Thunderbird v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 permiten a atacantes remotos provocar una deneg... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html •
CVSS: 9.8EPSS: 2%CPEs: 15EXPL: 1CVE-2012-0442 – Mozilla: memory safety hazards in 10.0/1.9.2.26 (MFSA 2012-01)
https://notcve.org/view.php?id=CVE-2012-0442
01 Feb 2012 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de 3v.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html •
CVSS: 5.3EPSS: 0%CPEs: 316EXPL: 0CVE-2011-3670 – Mozilla: Same-origin bypass using IPv6-like hostname syntax (MFSA 2012-02)
https://notcve.org/view.php?id=CVE-2011-3670
01 Feb 2012 — Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. Mozilla Firefox antes de v3.6.26 y v4.x hasta la v6.0, Thunderbird antes de v3.1.18 y v5.0 a v6.0 y SeaMonkey antes de v2.4 no aplican correctamente la sintaxis de direcciones IPv6 literales,... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 38%CPEs: 19EXPL: 1CVE-2012-0444 – Mozilla Firefox Ogg Vorbis Decoding Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0444
01 Feb 2012 — Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file. Mozilla Firefox v3.6.26 y v4.x hasta el v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de v2.7 no inicializa correctamente las estructuras ... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 126EXPL: 0CVE-2012-0447
https://notcve.org/view.php?id=CVE-2012-0447
01 Feb 2012 — Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 no inicializan apropiadamente datos de imágenes image/vnd.microsoft.icon, lo que permite a atacantes ... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 126EXPL: 0CVE-2012-0446
https://notcve.org/view.php?id=CVE-2012-0446
01 Feb 2012 — Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects. Múltiples vuelnerabilidades de ejccución de secuencias de comandos en sitios cruzados en Mozilla Firefox v4.x hasta v9.0, Thunderbird v5.0 hasta v9.0... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 126EXPL: 0CVE-2012-0445
https://notcve.org/view.php?id=CVE-2012-0445
01 Feb 2012 — Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. Mozilla Firefox 4.x hasta la versión 9.0, Thunderbird 5.0 hasta la 9.0 y SeaMonkey anteriores a la 2.7 permiten a atacantes remotos evitar la política de "frame-navigation" HTML5 y reemplazar sub-frames arbitrarios creando un objetivo de envío de formul... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 93%CPEs: 13EXPL: 2CVE-2011-3659 – Mozilla Firefox AttributeChildRemoved Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-3659
01 Feb 2012 — Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes. Una vulnerabilidad de uso después de liberaciónen Mozilla Firefox antes de v3.6.26 y v4.x hasta la v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta la v9.0 y SeaMonkey antes de... • https://www.exploit-db.com/exploits/18870 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 5%CPEs: 15EXPL: 0CVE-2012-0449 – Mozilla: Crash when rendering SVG+XSLT (MFSA 2012-08)
https://notcve.org/view.php?id=CVE-2012-0449
01 Feb 2012 — Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document. Mozilla Firefox antes de v3.6.26 y v4.x hasta v9.0, Thunderbird antes de v3.1.18 y v5.0 hasta v9.0, y SeaMonkey antes de v2.7, permite a atacantes remotos provocar una denegación de servicio (corr... • http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 5%CPEs: 100EXPL: 0CVE-2011-3665
https://notcve.org/view.php?id=CVE-2011-3665
21 Dec 2011 — Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling. Mozilla Firefox v4.x hasta v8.0, Thunderbird v5.0 hasta v8.0, y SeaMonkey antes de v2.6, permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de u... • http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00001.html • CWE-399: Resource Management Errors •