Mozilla Firefox Mobile vulnerabilities

20 known vulnerabilities affecting mozilla/firefox_mobile.

Total CVEs

CISA KEV

Public exploits

Exploited in wild

Severity breakdown

CRITICAL18MEDIUM2

Vulnerabilities

Page 1 of 1

CVE-2012-3979MEDIUMCVSS 6.8v6.0.1v6.0.2+5 more2012-08-29

CVE-2012-3979 [MEDIUM] CVE-2012-3979: Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __andr Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.

nvd

CVE-2012-1140CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1140 [CRITICAL] CWE-119 CVE-2012-1140: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted PostScript font object.

nvd

CVE-2012-1141CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1141 [CRITICAL] CWE-119 CVE-2012-1141: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted ASCII string in a BDF font.

nvd

CVE-2012-1137CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1137 [CRITICAL] CWE-119 CVE-2012-1137: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted header in a BDF font.

nvd

CVE-2012-1144CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1144 [CRITICAL] CWE-119 CVE-2012-1144: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.

nvd

CVE-2012-1142CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1142 [CRITICAL] CWE-119 CVE-2012-1142: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outline data in a font.

nvd

CVE-2012-1134CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1134 [CRITICAL] CWE-119 CVE-2012-1134: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted private-dictionary data in a Type 1 font.

nvd

CVE-2012-1135CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1135 [CRITICAL] CWE-119 CVE-2012-1135: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font.

nvd

CVE-2012-1138CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1138 [CRITICAL] CWE-119 CVE-2012-1138: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font.

nvd

CVE-2012-1133CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1133 [CRITICAL] CWE-119 CVE-2012-1133: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.

nvd

CVE-2012-1136CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1136 [CRITICAL] CWE-119 CVE-2012-1136: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font that lacks an ENCODING field.

nvd

CVE-2012-1126CRITICALCVSS 10.0≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1126 [CRITICAL] CWE-119 CVE-2012-1126: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a BDF font.

nvd

CVE-2012-1127CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1127 [CRITICAL] CWE-119 CVE-2012-1127: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font.

nvd

CVE-2012-1139CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1139 [CRITICAL] CWE-119 CVE-2012-1139: Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and othe Array index error in FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid stack read operation and memory corruption) or possibly execute arbitrary code via crafted glyph data in a BDF font.

nvd

CVE-2012-1131CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1131 [CRITICAL] CWE-119 CVE-2012-1131: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, on 64-bit platforms allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors related to the cell table of a font.

nvd

CVE-2012-1128CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1128 [CRITICAL] CWE-119 CVE-2012-1128: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font.

nvd

CVE-2012-1132CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1132 [CRITICAL] CWE-119 CVE-2012-1132: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted dictionary data in a Type 1 font.

nvd

CVE-2012-1130CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1130 [CRITICAL] CWE-119 CVE-2012-1130: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via crafted property data in a PCF font.

nvd

CVE-2012-1129CRITICALCVSS 9.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1129 [CRITICAL] CWE-119 CVE-2012-1129: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font.

nvd

CVE-2012-1143MEDIUMCVSS 4.3≤ 10.0.3v1.0+11 more2012-04-25

CVE-2012-1143 [MEDIUM] CWE-189 CVE-2012-1143: FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows re FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted font.

nvd