CVSS: 9.8EPSS: 1%CPEs: 91EXPL: 0CVE-2010-0161
https://notcve.org/view.php?id=CVE-2010-0161
22 Mar 2010 — The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. La función nsAuthSSPI::Unwrap en extensions/auth/nsAuthSSPI.cpp en Mozilla Thunderbird anteriores a v2.0.0.24 y SeaMonkey an... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 4%CPEs: 92EXPL: 0CVE-2010-0163 – seamonkey/thunderbird: crash when indexing certain messages with attachments
https://notcve.org/view.php?id=CVE-2010-0163
22 Mar 2010 — Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. Mozilla Thunderbird anteriores a la v2.0.0.24 y SeaMonkey anteriores a la v1.1.19 procesa ficheros adjuntos a correos electrónicos con un analizados sintáctico que realiza repartos y term... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 10.0EPSS: 4%CPEs: 9EXPL: 0CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
21 Feb 2010 — The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html •
CVSS: 6.5EPSS: 1%CPEs: 71EXPL: 1CVE-2010-0654 – firefox: cross-domain information disclosure
https://notcve.org/view.php?id=CVE-2010-0654
18 Feb 2010 — Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Mozilla Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0... • http://code.google.com/p/chromium/issues/detail?id=9877 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3984 – Mozilla SSL spoofing with document.location and empty SSL response page
https://notcve.org/view.php?id=CVE-2009-3984
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos suplantar un indicador de SSL para una URL o fichero HTTP URL estableciendo... • http://secunia.com/advisories/37699 •
CVSS: 9.3EPSS: 6%CPEs: 52EXPL: 0CVE-2009-3980
https://notcve.org/view.php?id=CVE-2009-3980
17 Dec 2009 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x antes de v3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permiten a atacantes remotos provocar una denegación de servicio (por c... • http://secunia.com/advisories/37699 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3983 – Mozilla NTLM reflection vulnerability
https://notcve.org/view.php?id=CVE-2009-3983
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite enviar solicitudes autenticadas a aplicaciones arbitrarias a atacantes remotos respondiendo a las credenciales NTLM de un usuario del navegador. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 9.3EPSS: 5%CPEs: 152EXPL: 0CVE-2009-3981 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-3981
17 Dec 2009 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox antes de v3.0.16, SeaMonkey antes de v2.0.1 y Thunderbird permite a atacantes remotos provocar una denegación de servicio (mediante corrupción de la memoria y bloq... • http://secunia.com/advisories/37699 •
CVSS: 9.3EPSS: 5%CPEs: 52EXPL: 0CVE-2009-3982
https://notcve.org/view.php?id=CVE-2009-3982
17 Dec 2009 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor JavaScript en Mozilla Firefox v3.5.x antes de v3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permite a atacantes remotos provocar una denegación de servicio (median... • http://secunia.com/advisories/37699 •
CVSS: 5.3EPSS: 0%CPEs: 79EXPL: 0CVE-2008-6961
https://notcve.org/view.php?id=CVE-2008-6961
13 Aug 2009 — mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. mailnews en Mozilla Thunderbird anteriores a v2.0.0.18 y SeaMonkey anteriores a v1.1.13, cuando JavaScript es habilita en correo electrónico, permite a los atacantes remotos obtener información sensible acerca de... • http://secunia.com/advisories/32714 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •