CVSS: 8.4EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3182 – Mozilla unsafe library loading flaw
https://notcve.org/view.php?id=CVE-2010-3182
21 Oct 2010 — A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Una secuencia de comandos de ciertas aplicaciones que ejecutan Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y 3.... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 9.8EPSS: 6%CPEs: 221EXPL: 0CVE-2010-3183 – Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3183
19 Oct 2010 — The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. La función LookupGetterOrSetter... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 212EXPL: 0CVE-2010-2760 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2760
09 Sep 2010 — Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. Vulnerabilidad de uso después de la liberación en la función nsTreeSelection en Mozilla Firefox ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 10EXPL: 0CVE-2010-2762 – Mozilla SJOW creates scope chains ending in outer object (MFSA 2010-59)
https://notcve.org/view.php?id=CVE-2010-2762
09 Sep 2010 — The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object. La clase XPCSafeJSObjectWrapper en la implementación SafeJSObjectWrapper (también conocido como SJOW) en Mozill... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2010-2763
https://notcve.org/view.php?id=CVE-2010-2763
09 Sep 2010 — The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. La clase XPCSafeJSObjectWrapper en la implementación SafeJSObjectWrapper (también conocido como SJOW) en Mozilla Firefox anterior a v3.5.12, Thunderbird anter... • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 212EXPL: 0CVE-2010-2764 – Mozilla Information leak via XMLHttpRequest statusText (MFSA 2010-63)
https://notcve.org/view.php?id=CVE-2010-2764
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, SeaMonkey anterior a v2.0.7 no restringe correctamente el acces... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 212EXPL: 0CVE-2010-2765 – Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
https://notcve.org/view.php?id=CVE-2010-2765
09 Sep 2010 — Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. Desbordamiento de entero en la implementación del elemento FRAMESET en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 4%CPEs: 212EXPL: 0CVE-2010-2766 – Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2766
09 Sep 2010 — The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. La función normalizeDocument en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, SeaMonkey an... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 6%CPEs: 212EXPL: 0CVE-2010-2767 – Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
https://notcve.org/view.php?id=CVE-2010-2767
09 Sep 2010 — The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." La aplicación navigator.plugins en Mozilla Firefox anterior a v3.5.12 y v3.6.x ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 212EXPL: 0CVE-2010-2768 – Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
https://notcve.org/view.php?id=CVE-2010-2768
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 no restringe adecuada... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •