- Home
- CVEs with nessus.description==The installed version of Firefox is earlier than 10.0.8 and thus, is affected by the following vulnerabilities :
- Several memory safety bugs exist in the browser engine used in Mozilla-based products that could be exploited to execute arbitrary code. (CVE-2012-3983)
- Some methods of a feature used for testing (DOMWindowUtils) are not properly protected and may be called through script by web pages. (CVE-2012-3986)
- A potentially exploitable denial of service may be caused by a combination of invoking full-screen mode and navigating backwards in history. (CVE-2012-3988)
- When the 'GetProperty' function is invoked through JSAP, security checking can be bypassed when getting cross- origin properties, potentially allowing arbitrary code execution. (CVE-2012-3991)
- The 'location' property can be accessed by binary plugins through 'top.location' and 'top' can be shadowed by 'Object.defineProperty', potentially allowing cross- site scripting attacks through plugins. (CVE-2012-3994)
- The Chrome Object Wrapper (COW) has flaws that could allow access to privileged functions, allowing for cross- site scripting attacks or arbitrary code execution. (CVE-2012-3993, CVE-2012-4184)
- The 'location.hash' property is vulnerable to an attack that could allow an attacker to inject script or intercept post data. (CVE-2012-3992)
- The 'Address Sanitizer' tool is affected by multiple, potentially exploitable use-after-free flaws. (CVE-2012-3990, CVE-2012-3995, CVE-2012-4179, CVE-2012-4180, CVE-2012-4181, CVE-2012-4182, CVE-2012-4183)
- The 'Address Sanitizer' tool is affected by multiple, potentially exploitable heap memory corruption issues. (CVE-2012-4185, CVE-2012-4186, CVE-2012-4187, CVE-2012-4188)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top