Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable6559.PRM
HistoryAug 30, 2012 - 12:00 a.m.

Mozilla Firefox < 15.0 Multiple Vulnerabilities

2012-08-3000:00:00
Tenable
www.tenable.com
13
JSON

Versions of Firefox prior to 15.0 are potentially affected by the following security issues :

  • An error exists related to β€˜Object.defineProperty’ and the location object and can allow cross-site scripting attacks. (CVE-2012-1956)
  • Unspecified memory safety issues exist. (CVE-2012-1970,CVE-2012-1971)
  • Multiple use-after-free errors exist. (CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964)
  • An error exists related to β€˜about:newtab’ and the browser’s history. This error can allow a newly opened tab to further open a new window and navigate to the privileged β€˜about:newtab’ page leading to possible privilege escalation. (CVE-2012-3965)
  • An error exists related to bitmap (BMP) and icon (ICO) file decoding that can lead to memory corruption causing application crashes and potentially arbitrary code execution. (CVE-2012-3966)
  • A use-after-free error exists related to WebGL shaders. (CVE-2012-3968)
  • A buffer overflow exists related to SVG filters. (CVE-2012-3969)
    A use-after-free error exists related to elements having β€˜requiredFeatures’ attributes. (CVE-2012-3970)
  • A β€˜Graphite 2’ library memory corruption error exists. (CVE-2012-3971)
  • An XSLT out-of-bounds read error exists related to β€˜format-number’. (CVE-2012-3972)
  • Remote debugging is possible even when disabled and the β€˜HTTPMonitor’ extension is enabled. (CVE-2012-3973)
  • The installer can be ticked into running unauthorized executables. (CVE-2012-3974)
  • The DOM parser can unintentionally load linked resources in extensions. (CVE-2012-3975)
  • Incorrect SSL certificate information can be displayed in the address bar when two β€˜onLocationChange’ events fire out of order. (CVE-2012-3976)
  • Security checks related to location objects can be bypassed if crafted calls are made to the browser chrome code. (CVE-2012-3978)
  • Calling β€˜eval’ in the web console can allow injected code to be executed with browser chrome privileges. (CVE-2012-3980)
Binary data 6559.prm
VendorProductVersionCPE
mozillafirefoxcpe:/a:mozilla:firefox

References

Related

nessus 37
openvas 72
suse 4
ubuntu 4
securityvulns 1
redhat 2
veracode 20
freebsd 1
oraclelinux 2
centos 2
mozilla 8
osv 3
debian 3
ibm 2
prion 12
ubuntucve 14
cve 10
seebug 2
nessus
nessus
Firefox < 15.0 Multiple Vulnerabilities
2012-08-29 00:00:00
Mozilla Firefox 14.x <= 14 Multiple Vulnerabilities
2012-08-30 00:00:00
Thunderbird < 15.0 Multiple Vulnerabilities (Mac OS X)
2012-08-29 00:00:00
openvas
openvas
SuSE Update for MozillaFirefox openSUSE-SU-2012:1064-1 (MozillaFirefox)
2012-12-13 00:00:00
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2012:1065-1)
2013-03-11 00:00:00
SuSE Update for MozillaFirefox openSUSE-SU-2012:1065-1 (MozillaFirefox)
2013-03-11 00:00:00
suse
suse
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:15
MozillaFirefox: Update to version 15 (critical)
2012-08-30 12:09:32
Security update for Mozilla Firefox (important)
2012-09-14 02:08:30
ubuntu
ubuntu
Firefox vulnerabilities
2012-08-29 00:00:00
Firefox regression
2012-09-11 00:00:00
Thunderbird regressions
2012-09-28 00:00:00
securityvulns
securityvulns
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
2012-09-18 00:00:00
redhat
redhat
(RHSA-2012:1211) Critical: thunderbird security update
2012-08-29 00:00:00
(RHSA-2012:1210) Critical: firefox security update
2012-08-29 00:00:00
veracode
veracode
Memory Corruption
2019-05-02 04:42:51
Denial Of Service (DoS)
2019-05-02 04:42:57
Information Disclosure
2019-05-02 04:42:57
freebsd
freebsd
mozilla -- multiple vulnerabilities
2012-08-28 00:00:00
oraclelinux
oraclelinux
firefox security update
2012-08-29 00:00:00
thunderbird security update
2012-08-29 00:00:00
centos
centos
thunderbird security update
2012-08-29 12:53:01
firefox, xulrunner security update
2012-08-29 12:43:30
mozilla
mozilla
Use-after-free issues found using Address Sanitizer β€” Mozilla
2012-08-28 00:00:00
Miscellaneous memory safety hazards (rv:15.0/ rv:10.0.7) β€” Mozilla
2012-08-28 00:00:00
SVG buffer overflow and use-after-free issues β€” Mozilla
2012-08-28 00:00:00
osv
osv
iceweasel - several
2012-09-24 00:00:00
icedove - several
2012-10-07 00:00:00
iceape - several
2012-09-26 00:00:00
debian
debian
[SECURITY] [DSA 2556-1] icedove security update
2012-10-07 13:13:58
[SECURITY] [DSA 2554-1] iceape security update
2012-09-26 19:00:31
[SECURITY] [DSA 2553-1] iceweasel security update
2012-09-24 17:18:25
ibm
ibm
Security Bulletin: Storwize V7000 Unified V1.4.1.0 Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities
2022-09-26 04:23:14
prion
prion
Code injection
2012-08-29 10:56:00
Code injection
2012-08-29 10:56:00
Code injection
2012-08-29 10:56:00
ubuntucve
ubuntucve
CVE-2012-3965
2012-08-29 00:00:00
CVE-2012-3975
2012-08-29 00:00:00
CVE-2012-3971
2012-08-29 00:00:00
cve
cve
CVE-2012-3965
2012-08-29 10:56:00
CVE-2012-3973
2012-08-29 10:56:00
CVE-2012-3971
2012-08-29 10:56:00
seebug
seebug
Mozilla Firefox about:newtabζƒι™ζε‡ζΌζ΄ž
2012-08-30 00:00:00
Mozilla Firefox/Thunderbird/SeaMonkeyζœ¬εœ°δ»£η ζ‰§θ‘ŒζΌζ΄ž
2012-09-04 00:00:00
JSON
Related for 6559.PRM
nessus37openvas72suse4ubuntu4securityvulns1redhat2veracode20freebsd1oraclelinux2centos2mozilla8osv3debian3ibm2prion12ubuntucve14cve10seebug2