Skip to main content
CVE-2012-3993 CRITICAL POC THREAT Emergency

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 80.8%.

Privilege Escalation Mozilla Google Firefox Thunderbird Esr +3
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
80.8%
Threat
5.8
CVE-2012-4188 CRITICAL Emergency

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 52.5% and no vendor patch available.

Buffer Overflow Mozilla RCE Firefox Thunderbird Esr +11
NVD
CVSS 2.0
9.3
EPSS
52.5%
CVE-2012-4186 CRITICAL Emergency

Heap-based buffer overflow in the nsWaveReader::DecodeAudioData function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 52.5% and no vendor patch available.

Buffer Overflow Mozilla RCE Firefox Thunderbird Esr +11
NVD
CVSS 2.0
9.3
EPSS
52.5%
CVE-2012-5166 HIGH Act Now

ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 42.0% and no vendor patch available.

Denial Of Service Bind
NVD
CVSS 2.0
7.8
EPSS
42.0%
CVE-2012-4187 CRITICAL Act Now

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 20.0% and no vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +11
NVD
CVSS 2.0
9.3
EPSS
20.0%
CVE-2012-4180 CRITICAL Act Now

Heap-based buffer overflow in the nsHTMLEditor::IsPrevCharInNodeWhitespace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Mozilla RCE Firefox Thunderbird Esr +11
NVD
CVSS 2.0
9.3
EPSS
9.5%
CVE-2012-4467 MEDIUM POC PATCH This Month

The (1) do_siocgstamp and (2) do_siocgstampns functions in net/socket.c in the Linux kernel before 3.5.4 use an incorrect argument order, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 2.0
6.6
EPSS
0.0%
CVE-2012-4179 CRITICAL Act Now

Use-after-free vulnerability in the nsHTMLCSSUtils::CreateCSSPropertyTxn function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +14
NVD
CVSS 2.0
9.3
EPSS
6.1%
CVE-2012-3990 CRITICAL Act Now

Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Memory Corruption Use After Free Firefox +12
NVD
CVSS 2.0
9.3
EPSS
6.1%
CVE-2012-4185 CRITICAL Act Now

Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +11
NVD
CVSS 2.0
9.3
EPSS
5.2%
CVE-2012-4182 CRITICAL Act Now

Use-after-free vulnerability in the nsTextEditRules::WillInsert function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +14
NVD
CVSS 2.0
9.3
EPSS
4.8%
CVE-2012-3983 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +5
NVD
CVSS 2.0
10.0
EPSS
0.8%
CVE-2012-3988 CRITICAL Act Now

Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

RCE Mozilla Memory Corruption Use After Free Firefox +11
NVD
CVSS 2.0
9.3
EPSS
4.0%
CVE-2012-4181 CRITICAL Act Now

Use-after-free vulnerability in the nsSMILAnimationController::DoSample function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +10
NVD
CVSS 2.0
9.3
EPSS
3.5%
CVE-2012-4183 CRITICAL Act Now

Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Use After Free Denial Of Service Buffer Overflow Memory Corruption +14
NVD
CVSS 2.0
9.3
EPSS
2.7%
CVE-2012-3995 CRITICAL Act Now

The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Denial Of Service Buffer Overflow Information Disclosure RCE +12
NVD
CVSS 2.0
9.3
EPSS
2.0%
CVE-2012-3991 CRITICAL Act Now

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Firefox Thunderbird Esr Thunderbird +9
NVD
CVSS 2.0
9.3
EPSS
1.4%
CVE-2012-3982 CRITICAL Act Now

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +12
NVD
CVSS 2.0
9.3
EPSS
1.3%
CVE-2012-3989 CRITICAL Act Now

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Mozilla RCE Firefox +5
NVD
CVSS 2.0
9.3
EPSS
0.9%
CVE-2012-3504 LOW POC Monitor

The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Crypto Utils
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2012-4465 MEDIUM This Month

Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Cgit
NVD
CVSS 2.0
6.5
EPSS
3.5%
CVE-2012-3984 MEDIUM This Month

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird +3
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2012-5354 MEDIUM This Month

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Information Disclosure Firefox Seamonkey Thunderbird
NVD
CVSS 2.0
6.8
EPSS
0.9%
CVE-2012-4455 MEDIUM This Month

openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in. Rated medium severity (CVSS 6.2). No vendor patch available.

Information Disclosure Opencryptoki
NVD
CVSS 2.0
6.2
EPSS
0.0%
CVE-2012-5356 MEDIUM This Month

The apt-add-repository tool in Ubuntu Software Properties 0.75.x before 0.75.10.3, 0.80.x before 0.80.9.2, 0.81.x before 0.81.13.5, 0.82.x before 0.82.7.3, and 0.92.x before 0.92.8 does not properly. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Ubuntu Ubuntu Software Properties
NVD
CVSS 2.0
5.8
EPSS
0.7%
CVE-2012-4445 MEDIUM This Month

Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Hostapd
NVD
CVSS 2.0
4.3
EPSS
5.3%
CVE-2012-4463 MEDIUM This Month

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Midnight Commander
NVD
CVSS 2.0
5.1
EPSS
0.6%
CVE-2012-3040 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Siemens XSS Simatic S7 1200 Firmware Simatic S7 1200 Cpu 1211C Firmware Simatic S7 1200 Cpu 1212C Firmware +6
NVD
CVSS 2.0
4.3
EPSS
1.2%
CVE-2012-3992 MEDIUM This Month

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Esr Thunderbird +9
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-4184 MEDIUM This Month

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Google XSS Firefox Thunderbird Esr +11
NVD
CVSS 2.0
4.3
EPSS
1.1%
CVE-2012-3994 MEDIUM This Month

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Thunderbird Esr Thunderbird +9
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-3985 MEDIUM This Month

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla XSS Firefox Seamonkey Thunderbird +3
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2012-3986 MEDIUM This Month

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict calls to DOMWindowUtils. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Mozilla Authentication Bypass Firefox Thunderbird Esr Thunderbird +10
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2012-4430 MEDIUM PATCH This Month

The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Bacula Debian Linux
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2012-3987 MEDIUM This Month

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Mozilla Google Firefox Chrome
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2012-5355 LOW Monitor

welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. Rated low severity (CVSS 3.3). No vendor patch available.

Information Disclosure Xdiagnose
NVD
CVSS 2.0
3.3
EPSS
0.0%
CVE-2012-4454 LOW Monitor

openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc. Rated low severity (CVSS 2.9). No vendor patch available.

Privilege Escalation Opencryptoki
NVD
CVSS 2.0
2.9
EPSS
0.7%
CVE-2012-2286 LOW Monitor

Unspecified vulnerability in EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to obtain sensitive information via unknown vectors. Rated low severity (CVSS 2.9). No vendor patch available.

Information Disclosure Rsa Adaptive Authentication On Premise
NVD
CVSS 2.0
2.9
EPSS
0.1%
CVE-2012-4899 LOW PATCH Monitor

WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Information Disclosure Kingview
NVD
CVSS 2.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy