CVSS: 9.8EPSS: 2%CPEs: 14EXPL: 0CVE-2010-3175 – Mozilla miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-3175
21 Oct 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox v3.6.x anterior a v3.6.11 y Thunderbird v3.1.x anterior a v3.1.5, permiten a atacantes remotos provocar una denegación de servicio (corrupción d... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 9.8EPSS: 3%CPEs: 149EXPL: 0CVE-2010-3176 – Mozilla miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-3176
21 Oct 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 6.5EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3178 – Mozilla cross-site information disclosure via modal calls
https://notcve.org/view.php?id=CVE-2010-3178
21 Oct 2010 — Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonke... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 30%CPEs: 221EXPL: 1CVE-2010-3179 – Mozilla Firefox SeaMonkey 3.6.10 / Thunderbird 3.1.4 - 'document.write' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3179
21 Oct 2010 — Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. Un desbordamiento de búfer basado en pila en la funcionalidad text-rendering en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11,... • https://www.exploit-db.com/exploits/34881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 221EXPL: 0CVE-2010-3180 – Mozilla use-after-free error in nsBarProp
https://notcve.org/view.php?id=CVE-2010-3180
21 Oct 2010 — Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. Vulnerabilidad de uso después de liberación (Use-after-free) en la función nsBarProp en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y Sea... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3181
https://notcve.org/view.php?id=CVE-2010-3181
21 Oct 2010 — Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a 3.1.5, y SeaMonkey anterior a v2.0.9 en Windows permite a usuarios loca... • http://www.mozilla.org/security/announce/2010/mfsa2010-71.html •
CVSS: 8.4EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3182 – Mozilla unsafe library loading flaw
https://notcve.org/view.php?id=CVE-2010-3182
21 Oct 2010 — A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Una secuencia de comandos de ciertas aplicaciones que ejecutan Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y 3.... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 9.8EPSS: 6%CPEs: 221EXPL: 0CVE-2010-3183 – Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3183
19 Oct 2010 — The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. La función LookupGetterOrSetter... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 212EXPL: 0CVE-2010-2760 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2760
09 Sep 2010 — Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. Vulnerabilidad de uso después de la liberación en la función nsTreeSelection en Mozilla Firefox ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 0CVE-2010-2762 – Mozilla SJOW creates scope chains ending in outer object (MFSA 2010-59)
https://notcve.org/view.php?id=CVE-2010-2762
09 Sep 2010 — The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. La clase XPCSafeJSObjectWrapper en la implementación SafeJSObjectWrapper (también conocido como SJOW) en Mozill... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-264: Permissions, Privileges, and Access Controls •