Mozilla Thunderbird Esr vulnerabilities

CVE-2012-1972 [CRITICAL] CWE-416 CVE-2012-1972: Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Fire Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspeci

CVE-2012-1970 [CRITICAL] CWE-119 CVE-2012-1970: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox E Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown

CVE-2012-3967 [CRITICAL] CWE-787 CVE-2012-3967: The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a de

CVE-2012-3969 [CRITICAL] CWE-189 CVE-2012-3969: Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Fi Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via a crafted SVG filter that triggers an incorrect sum calculation, leading to a he

CVE-2012-1973 [CRITICAL] CWE-416 CVE-2012-1973: Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox b Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified

CVE-2012-3962 [CRITICAL] CVE-2012-3962: Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ES Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly iterate through the characters in a text run, which allows remote attackers to execute arbitrary code via a crafted document.

CVE-2012-1975 [CRITICAL] CWE-416 CVE-2012-1975: Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2012-3980 [CRITICAL] CWE-94 CVE-2012-3980: The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 1 The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation.

CVE-2012-1976 [CRITICAL] CWE-416 CVE-2012-1976: Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firef Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecif

CVE-2012-3968 [CRITICAL] CWE-416 CVE-2012-3968: Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.

CVE-2012-3960 [CRITICAL] CWE-416 CVE-2012-3960: Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefo Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecifi

CVE-2012-3957 [CRITICAL] CWE-787 CVE-2012-3957: Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15. Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2012-3961 [CRITICAL] CWE-416 CVE-2012-3961: Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2012-3956 [CRITICAL] CWE-416 CVE-2012-3956: Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified

CVE-2012-3963 [CRITICAL] CWE-416 CVE-2012-3963: Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 1 Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2012-3970 [CRITICAL] CWE-399 CVE-2012-3970: Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, F Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving movemen

CVE-2012-3959 [CRITICAL] CWE-416 CVE-2012-3959: Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox bef Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified ve

CVE-2012-1974 [CRITICAL] CWE-416 CVE-2012-1974: Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox befor Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vect

CVE-2012-3972 [MEDIUM] CWE-200 CVE-2012-3972: The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox E The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.

CVE-2012-3974 [MEDIUM] CWE-399 CVE-2012-3974: Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10. Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory.