Vulnerabilities > Mozilla > Firefox Mobile > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2012-04-25 | CVE-2012-1138 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font. | 9.3 |
| 2012-04-25 | CVE-2012-1135 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font. | 9.3 |
| 2012-04-25 | CVE-2012-1133 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph or bitmap data in a BDF font. | 9.3 |
| 2012-04-25 | CVE-2012-1129 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT string in a Type 42 font. | 9.3 |
| 2012-04-25 | CVE-2012-1128 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and memory corruption) or possibly execute arbitrary code via a crafted TrueType font. | 9.3 |