CVE-2012-4930
- EPSS 2.08%
- Veröffentlicht 15.09.2012 18:55:03
- Zuletzt bearbeitet 16.06.2026 23:45:55
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to...
- EPSS 3.96%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:10
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensit...
CVE-2012-3973
- EPSS 4.93%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:10
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging ...
CVE-2012-3974
- EPSS 0.3%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:10
Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse e...
CVE-2012-3975
- EPSS 1.87%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:10
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by provi...
CVE-2012-3976
- EPSS 1.78%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:11
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate inform...
CVE-2012-3978
- EPSS 2.3%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:11
The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location objec...
CVE-2012-3979
- EPSS 1.88%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:11
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
CVE-2012-3980
- EPSS 2.35%
- Veröffentlicht 29.08.2012 10:56:41
- Zuletzt bearbeitet 16.06.2026 23:44:11
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a cr...
- EPSS 5.57%
- Veröffentlicht 29.08.2012 10:56:40
- Zuletzt bearbeitet 16.06.2026 23:40:43
Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers...