CVSS: 10.0EPSS: 1%CPEs: 210EXPL: 0CVE-2011-2984 – Mozilla: Privilege escalation dropping a tab element in content area
https://notcve.org/view.php?id=CVE-2011-2984
18 Aug 2011 — Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. Firefox anterior a versión 3.6.20, SeaMonkey versiones 2.x, Thunderbird versiones 3.x anteriores a 3.1.12, y posiblemente otros productos de Mozilla, no manejan apropiadamente la caída de un elemen... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 52%CPEs: 208EXPL: 0CVE-2011-2378 – Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2378
17 Aug 2011 — The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." La función appendChild en Firefox anterior a versión 3.6.20, Thunderbird versiones 3.x anteriores a 3.1.12, SeaMonkey versiones 2.x, y posiblemente otros productos de Mozilla, no maneja apropiadamente objetos ... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 68%CPEs: 174EXPL: 0CVE-2011-0084 – Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0084
17 Aug 2011 — The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." La función SVGTextElement.getCharNumAtPosition en Firefox anterior a versión 3.6.20, y versiones 4.x hasta 5; Thunderbird versiones 3.x anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 40%CPEs: 207EXPL: 0CVE-2011-2375 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2375
30 Jun 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de la v5.0 y de Thunderbird hasta la v3.1.11, que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de a... • http://support.avaya.com/css/P8/documents/100144854 •
CVSS: 9.8EPSS: 0%CPEs: 206EXPL: 0CVE-2011-2605 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2605
30 Jun 2011 — CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. Inyección CRLF en la función nsCookieService::SetCookieStringInt... • http://www.mozilla.org/security/announce/2011/mfsa2011-19.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 11%CPEs: 265EXPL: 0CVE-2011-2373 – Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20)
https://notcve.org/view.php?id=CVE-2011-2373
30 Jun 2011 — Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. Vulnerabilidad use-after-free en Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, cuando JavaScript está deshabilitado, permite a atacantes remotos ejecutar código de su elección a través de un documen... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 40%CPEs: 99EXPL: 0CVE-2011-2365 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2365
30 Jun 2011 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.6.x antes de v3.6.18 y Thunderbird antes de v3.1.11 permite a atacantes remotos causar una denegación de servicio (corr... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html •
CVSS: 10.0EPSS: 48%CPEs: 99EXPL: 0CVE-2011-2364 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2364
30 Jun 2011 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. Vulnerabilidad no especificada en el motor de navegación de Mozilla Firefox v3.6.x anterior a v3.6.18 y Thunderbird anterior a v3.1.11 permite a atacantes remotos provocar una denegación de servicio... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html •
CVSS: 10.0EPSS: 40%CPEs: 192EXPL: 0CVE-2011-2376 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2376
30 Jun 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.6.18 y Thunderbird antes de v3.1.11 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicac... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html •
CVSS: 9.8EPSS: 56%CPEs: 265EXPL: 0CVE-2011-2377 – Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21)
https://notcve.org/view.php?id=CVE-2011-2377
30 Jun 2011 — Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente e... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •