CVSS: 10.0EPSS: 4%CPEs: 9EXPL: 0CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
21 Feb 2010 — The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html •
CVSS: 6.8EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3984 – Mozilla SSL spoofing with document.location and empty SSL response page
https://notcve.org/view.php?id=CVE-2009-3984
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos suplantar un indicador de SSL para una URL o fichero HTTP URL estableciendo... • http://secunia.com/advisories/37699 •
CVSS: 9.1EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3983 – Mozilla NTLM reflection vulnerability
https://notcve.org/view.php?id=CVE-2009-3983
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite enviar solicitudes autenticadas a aplicaciones arbitrarias a atacantes remotos respondiendo a las credenciales NTLM de un usuario del navegador. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 9.3EPSS: 5%CPEs: 152EXPL: 0CVE-2009-3981 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-3981
17 Dec 2009 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox antes de v3.0.16, SeaMonkey antes de v2.0.1 y Thunderbird permite a atacantes remotos provocar una denegación de servicio (mediante corrupción de la memoria y bloq... • http://secunia.com/advisories/37699 •
CVSS: 5.3EPSS: 0%CPEs: 79EXPL: 0CVE-2008-6961
https://notcve.org/view.php?id=CVE-2008-6961
13 Aug 2009 — mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. mailnews en Mozilla Thunderbird anteriores a v2.0.0.18 y SeaMonkey anteriores a v1.1.13, cuando JavaScript es habilita en correo electrónico, permite a los atacantes remotos obtener información sensible acerca de... • http://secunia.com/advisories/32714 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-2408 – firefox/nss: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2009-2408
30 Jul 2009 — Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v... • http://isc.sans.org/diary.html?storyid=7003 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 7%CPEs: 124EXPL: 0CVE-2009-2463 – Mozilla Base64 decoding crash
https://notcve.org/view.php?id=CVE-2009-2463
22 Jul 2009 — Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. Desbordamiento de enteros en una función base64 decoding en Mozilla Firefox anteriores a v.3.0.12 y Thunderbird perm... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 8%CPEs: 116EXPL: 0CVE-2009-2465 – Mozilla double frame construction crashes
https://notcve.org/view.php?id=CVE-2009-2465
22 Jul 2009 — Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. Mozilla Firefox anteriores v3.0.12 y Thunderbird permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) o ejecuta... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 48%CPEs: 117EXPL: 1CVE-2009-2464 – Mozilla Firefox 3.0.11 and Thunderbird 2.0.9 - RDF File Handling Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2009-2464
22 Jul 2009 — The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. El nsXULTemplateQueryProcessorRDF::CheckIsSeparator function en Mozilla Firefox anteriores a v3.0.12, SeaMonkey v2.0a1pre, y Thunderbird permite a atacantes remotos causar una d... • https://www.exploit-db.com/exploits/33101 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 15%CPEs: 116EXPL: 1CVE-2009-2466 – Mozilla JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-2466
22 Jul 2009 — The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. JavaScript engine en Mozilla Firefox anteriores v3.0.12 y Thunderbird permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) o posi... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors •