CVSS: 9.8EPSS: 24%CPEs: 212EXPL: 0CVE-2010-3168 – Mozilla Firefox tree Object Removal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3168
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 24%CPEs: 212EXPL: 4CVE-2010-3131 – Mozilla Firefox 3.6.8 - 'dwmapi.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3131
26 Aug 2010 — Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. Una vulnerabilidad de ruta de búsqueda no confiable en Firefox anterior a versión 3.5.12 y versiones 3.6.x an... • https://www.exploit-db.com/exploits/14730 •
CVSS: 6.1EPSS: 0%CPEs: 191EXPL: 0CVE-2010-1210 – Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
https://notcve.org/view.php?id=CVE-2010-1210
30 Jul 2010 — intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. intl/uconv/util/nsUnicodeDecodeHelper.cpp en Mozilla Firefox en versiones anteriores a la v3.6.7 y Thunderbird en anteriores a la v3.1.1 inserta una secuencia U+FFFD en texto en determinadas circunst... • http://www.mozilla.org/security/announce/2010/mfsa2010-44.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2010-1207 – Mozilla Same-origin bypass using canvas context
https://notcve.org/view.php?id=CVE-2010-1207
30 Jul 2010 — Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. Mozilla Firefox en versiones anteriores a la v3.6.7 y Thunderbird en versiones anteriores a la v3.1.1 no implementan apropiadamente las restricciones de acceso a los elementos CANVAS, lo que permite a atacantes remotos obtener información confidencial f... • http://www.mozilla.org/security/announce/2010/mfsa2010-43.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 83%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
30 Jun 2010 — Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. ... • https://www.exploit-db.com/exploits/14422 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 20%CPEs: 100EXPL: 0CVE-2010-1196 – nsGenericDOMDataNode:: SetTextInternal
https://notcve.org/view.php?id=CVE-2010-1196
23 Jun 2010 — Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función GenericDOMDataNode::SetTextInternal en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 7%CPEs: 100EXPL: 0CVE-2010-1200 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1200
23 Jun 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 9.3EPSS: 9%CPEs: 97EXPL: 1CVE-2010-1201
https://notcve.org/view.php?id=CVE-2010-1201
23 Jun 2010 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 9.3EPSS: 53%CPEs: 100EXPL: 0CVE-2010-1202 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1202
23 Jun 2010 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidad no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey permite a... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 10.0EPSS: 76%CPEs: 100EXPL: 3CVE-2010-1199 – Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1199
23 Jun 2010 — Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Desbordamiento de enteros en la implementación del nodo de ordenación XSLT en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su ele... • https://www.exploit-db.com/exploits/34192 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •