CVSS: 9.8EPSS: 78%CPEs: 221EXPL: 1CVE-2010-3179 – Mozilla Firefox SeaMonkey 3.6.10 / Thunderbird 3.1.4 - 'document.write' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3179
21 Oct 2010 — Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. Un desbordamiento de búfer basado en pila en la funcionalidad text-rendering en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11,... • https://www.exploit-db.com/exploits/34881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 64%CPEs: 221EXPL: 0CVE-2010-3183 – Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3183
19 Oct 2010 — The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. La función LookupGetterOrSetter... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 212EXPL: 0CVE-2010-2768 – Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
https://notcve.org/view.php?id=CVE-2010-2768
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 no restringe adecuada... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 35%CPEs: 212EXPL: 0CVE-2010-3166 – nsTextFrameUtils:: TransformText (MFSA 2010-53)
https://notcve.org/view.php?id=CVE-2010-3166
09 Sep 2010 — Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. Desbordamiento de búfer basado en memoria dinámica en la función nsTextFrameUtils::TransformText en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2010-2763
https://notcve.org/view.php?id=CVE-2010-2763
09 Sep 2010 — The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. La clase XPCSafeJSObjectWrapper en la implementación SafeJSObjectWrapper (también conocido como SJOW) en Mozilla Firefox anterior a v3.5.12, Thunderbird anter... • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 7%CPEs: 229EXPL: 0CVE-2010-2770
https://notcve.org/view.php?id=CVE-2010-2770
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 en Mac OS X permite a atacantes remotos provocar una de... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 11%CPEs: 212EXPL: 0CVE-2010-2760 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2760
09 Sep 2010 — Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. Vulnerabilidad de uso después de la liberación en la función nsTreeSelection en Mozilla Firefox ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 24%CPEs: 212EXPL: 0CVE-2010-2767 – Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
https://notcve.org/view.php?id=CVE-2010-2767
09 Sep 2010 — The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." La aplicación navigator.plugins en Mozilla Firefox anterior a v3.5.12 y v3.6.x ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 31%CPEs: 212EXPL: 0CVE-2010-2765 – Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
https://notcve.org/view.php?id=CVE-2010-2765
09 Sep 2010 — Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. Desbordamiento de entero en la implementación del elemento FRAMESET en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.1EPSS: 0%CPEs: 212EXPL: 0CVE-2010-2769 – Mozilla Copy-and-paste or drag-and-drop into designMode document allows XSS (MFSA 2010-62)
https://notcve.org/view.php?id=CVE-2010-2769
09 Sep 2010 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird ant... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •