19 matches found
CVE-2013-4002
CVE-2013-4002 affects the Xerces2 Java XML parser. XMLScanner.java in Xerces2 Java Parser before 2.12.0 (as used in various JREs and Oracle/Jakarta distributions) could allow remote denial of service via vectors related to XML attribute names. IBM and other vendors document DoS impact on affected...
CVE-2012-4186
CVE-2012-4186 : Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...
CVE-2012-3990
CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...
CVE-2012-3986
CVE-2012-3986 affects Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8), Thunderbird prior to 16.0, and SeaMonkey before 2.13. The root cause is that certain DOMWindowUtils (nsDOMWindowUtils) methods were not protected by security checks, allowing remote JavaScript to bypass in...
CVE-2012-3991
CVE-2012-3991 affects Mozilla Firefox and related Mozilla products: Firefox and Firefox ESR before the 16.0 line, Thunderbird before 16.0, and SeaMonkey before 2.13 did not properly restrict JSAPI GetProperty access, bypassing the Same Origin Policy. This vulnerability could allow remote attacker...
CVE-2012-3982
CVE-2012-3982 affects Mozilla Firefox before 16.0, Firefox ESR before 10.0.8, Thunderbird before 16.0, Thunderbird ESR before 10.0.8, and SeaMonkey before 2.13. The description notes multiple unspecified vulnerabilities in the browser engine that can cause memory corruption and application crashe...
CVE-2012-4185
CVE-2012-4185 describes a buffer overflow in Mozilla Firefox’s nsCharTraits::length function that could allow remote code execution or a heap memory corruption in Firefox <16.0, ESR 10.x <10.0.8, Thunderbird <16.0/ESR 10.x <10.0.8, and SeaMonkey
CVE-2012-4188
CVE-2012-4188 is a heap-based buffer overflow in Mozilla Firefox’s Convolve3x3 path, affecting Firefox before 16.0 (and ESR 10.x before 10.0.8), Thunderbird before 16.0 (and ESR 10.x before 10.0.8), and SeaMonkey before 2.13. The vulnerability allows remote code execution via unspecified vectors;...
CVE-2012-3992
CVE-2012-3992 affects Mozilla Firefox (and related Firefox-based apps) where history data is not properly handled. The flaw lets remote attackers perform cross-site scripting (XSS) or obtain sensitive POST content via a location.hash write operation combined with history navigation that loads a U...
CVE-2012-3994
Mode C: CVE-2012-3994 affects Mozilla Firefox family and related Mozilla components (e.g., Firefox, Firefox ESR, Thunderbird, SeaMonkey). Root cause: use of Object.defineProperty to shadow the top object and interaction with top.location, enabling remote XSS via a binary plugin. Affected versions...
CVE-2012-3988
CVE-2012-3988 is a use-after-free vulnerability in Mozilla Firefox (pre-16.0), Firefox ESR (pre-10.0.8), Thunderbird (pre-16.0), Thunderbird ESR (pre-10.0.8), and SeaMonkey (pre-2.13). It can be triggered via mozRequestFullScreen with full-screen mode and navigation via history.back, potentially ...
CVE-2012-3995
CVE-2012-3995 affects Mozilla Firefox and related Mozilla applications. The vulnerability arises from the IsCSSWordSpacingSpace function in Firefox (and Firefox ESR 10.x, Thunderbird, SeaMonkey as listed) where an out-of-bounds read could be exploited to run arbitrary code or trigger a denial-of-...
CVE-2014-1504
CVE-2014-1504 affects Mozilla Firefox (pre-28.0) and SeaMonkey (pre-2.25). The session-restore feature does not honor the CSP of data: URLs, enabling remote XSS via a crafted document opened after a browser restart. The impact stated is cross-site scripting with partial integrity/complete confide...
CVE-2012-4187
CVE-2012-4187 is listed in the MiracleLinux/Miracle Linux AXSA advisory as affecting Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13. The vulnerability is described as an issue with managing a cert...
CVE-2012-4180
CVE-2012-4180 : A heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox prior to 16.0 (and Firefox ESR 10.x prior to 10.0.8; Thunderbird prior to 16.0; Thunderbird ESR 10.x prior to 10.0.8; SeaMonkey prior to 2.13) could allow remote code execution...
CVE-2012-4182
CVE-2012-4182 is a Use-after-free in Mozilla Firefox’s nsTextEditRules::WillInsert, affecting Firefox <= 16.0 and Firefox ESR <= 10.x <= 10.0.8, Thunderbird <= 16.0 and ESR 10.x <= 10.0.8, and SeaMonkey
CVE-2012-4183
CVE-2012-4183 is a use-after-free in DOMSVGTests::GetRequiredFeatures affecting Firefox before 16.0, Firefox ESR before 10.0.8, Thunderbird before 16.0, and SeaMonkey before 2.13, with potential for remote code execution or a denial of service via heap memory corruption. Connected advisories from...
CVE-2012-4179
CVE-2012-4179 is a use-after-free in Mozilla Firefox's nsHTMLCSSUtils::CreateCSSPropertyTxn that can lead to code execution or heap memory corruption. Affected are Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey befor...
CVE-2012-4184
CVE-2012-4184 affects Mozilla's COW in Firefox (and related Mozilla products) prior to version 16.0 (Firefox), ESR 10.x prior to 10.0.8, Thunderbird prior to 16.0, Thunderbird ESR 10.x prior to 10.0.8, and SeaMonkey prior to 2.13. The issue allows a crafted web site to bypass restrictions and acc...