CVSS: 10.0EPSS: 8%CPEs: 205EXPL: 0CVE-2010-0175 – Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0175
02 Apr 2010 — Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. Vulnerabilidad de uso después de la liberación (Use after free)en la implementación nsTreeSelection en Mozilla Firefox anteriores a v3.0... • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 80%CPEs: 206EXPL: 0CVE-2010-0176 – Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0176
02 Apr 2010 — Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." Mozilla Firefox v3.0.19, v3.5.x antes de v3.5.9, y v3.6.x antes de v3.6.2; Thunderbird antes de v3.0.4, y SeaMonkey antes de v2... • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 26%CPEs: 85EXPL: 1CVE-2010-0167 – Mozilla Firefox/Thunderbird/SeaMonkey - Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0167
25 Mar 2010 — The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a... • https://www.exploit-db.com/exploits/33801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 85EXPL: 0CVE-2010-0169 – firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)
https://notcve.org/view.php?id=CVE-2010-0169
25 Mar 2010 — The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet ... • http://www.mozilla.org/security/announce/2010/mfsa2010-14.html •
CVSS: 6.1EPSS: 0%CPEs: 85EXPL: 0CVE-2010-0171 – firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)
https://notcve.org/view.php?id=CVE-2010-0171
25 Mar 2010 — Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. Mozilla Firefox v3.0.x anterior a v3.0.18, v3.5.x anterior a v3.5.8 y v3.6.x anter... • http://www.mozilla.org/security/announce/2010/mfsa2010-12.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 1%CPEs: 91EXPL: 0CVE-2010-0161
https://notcve.org/view.php?id=CVE-2010-0161
22 Mar 2010 — The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 on Windows Vista, Windows Server 2008 R2, and Windows 7 allows remote SMTP, IMAP, and POP servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via crafted data in a session that uses SSPI. La función nsAuthSSPI::Unwrap en extensions/auth/nsAuthSSPI.cpp en Mozilla Thunderbird anteriores a v2.0.0.24 y SeaMonkey an... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 4%CPEs: 92EXPL: 0CVE-2010-0163 – seamonkey/thunderbird: crash when indexing certain messages with attachments
https://notcve.org/view.php?id=CVE-2010-0163
22 Mar 2010 — Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 process e-mail attachments with a parser that performs casts and line termination incorrectly, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted message, related to message indexing. Mozilla Thunderbird anteriores a la v2.0.0.24 y SeaMonkey anteriores a la v1.1.19 procesa ficheros adjuntos a correos electrónicos con un analizados sintáctico que realiza repartos y term... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 10.0EPSS: 4%CPEs: 9EXPL: 0CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
21 Feb 2010 — The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html •
CVSS: 6.5EPSS: 1%CPEs: 71EXPL: 1CVE-2010-0654 – firefox: cross-domain information disclosure
https://notcve.org/view.php?id=CVE-2010-0654
18 Feb 2010 — Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Mozilla Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0... • http://code.google.com/p/chromium/issues/detail?id=9877 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-4629
https://notcve.org/view.php?id=CVE-2009-4629
29 Jan 2010 — Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests, as demonstrated by DNS requests triggered by reading text/plain e-mail messages in Thunderbird. Mozilla Necko usado en Thunderbird v3.0.1, SeaMonkey y otras aplicaciones, realiza una pre-consulta DNS incluso cuando el t... • https://bugzilla.mozilla.org/show_bug.cgi?id=492196 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •