Redhat Enterprise Linux Eus vulnerabilities

CVE-2012-3552 [MEDIUM] CWE-362 CVE-2012-3552: Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application that sets socket options during the handling of network traffic.

CVE-2012-1972 [CRITICAL] CWE-416 CVE-2012-1972: Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Fire Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspeci

CVE-2012-1970 [CRITICAL] CWE-119 CVE-2012-1970: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox E Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown

CVE-2012-3967 [CRITICAL] CWE-787 CVE-2012-3967: The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a de

CVE-2012-1973 [CRITICAL] CWE-416 CVE-2012-1973: Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox b Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified

CVE-2012-1975 [CRITICAL] CWE-416 CVE-2012-1975: Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Use-after-free vulnerability in the PresShell::CompleteMove function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2012-1976 [CRITICAL] CWE-416 CVE-2012-1976: Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firef Use-after-free vulnerability in the nsHTMLSelectElement::SubmitNamesValues function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecif

CVE-2012-3968 [CRITICAL] CWE-416 CVE-2012-3968: Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR Use-after-free vulnerability in the WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via vectors related to deletion of a fragment shader by its accessor.

CVE-2012-3960 [CRITICAL] CWE-416 CVE-2012-3960: Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefo Use-after-free vulnerability in the mozSpellChecker::SetCurrentDictionary function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecifi

CVE-2012-3957 [CRITICAL] CWE-787 CVE-2012-3957: Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15. Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2012-3961 [CRITICAL] CWE-416 CVE-2012-3961: Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox Use-after-free vulnerability in the RangeData implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

CVE-2012-3956 [CRITICAL] CWE-416 CVE-2012-3956: Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified

CVE-2012-3963 [CRITICAL] CWE-416 CVE-2012-3963: Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 1 Use-after-free vulnerability in the js::gc::MapAllocToTraceKind function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2012-3959 [CRITICAL] CWE-416 CVE-2012-3959: Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox bef Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified ve

CVE-2012-1974 [CRITICAL] CWE-416 CVE-2012-1974: Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox befor Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vect

CVE-2012-3972 [MEDIUM] CWE-200 CVE-2012-3972: The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox E The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read.

CVE-2012-3976 [MEDIUM] CWE-200 CVE-2012-3976: Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not proper Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

CVE-2012-4681 [CRITICAL] CWE-284 CVE-2012-4681: Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restric

CVE-2012-1734 [MEDIUM] CVE-2012-1734: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1689 [MEDIUM] CVE-2012-1689: Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.