Description
A flaw was found in the way Firefox decoded embedded bitmap images in Icon
Format (ICO) files. A web page containing a malicious ICO file could cause
Firefox to crash or, under certain conditions, possibly execute arbitrary
code with the privileges of the user running Firefox. (CVE-2012-3966)
A flaw was found in the way the "eval" command was handled by the Firefox
Web Console. Running "eval" in the Web Console while viewing a web page
containing malicious content could possibly cause Firefox to execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2012-3980)
An out-of-bounds memory read flaw was found in the way Firefox used the
format-number feature of XSLT (Extensible Stylesheet Language
Transformations). A web page containing malicious content could possibly
cause an information leak, or cause Firefox to crash. (CVE-2012-3972)
It was found that the SSL certificate information for a previously visited
site could be displayed in the address bar while the main window displayed
a new page. This could lead to phishing attacks as attackers could use this
flaw to trick users into believing they are viewing a trusted site.
(CVE-2012-3976)
A flaw was found in the location object implementation in Firefox.
Malicious content could use this flaw to possibly allow restricted content
to be loaded. (CVE-2012-3978)