CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-6797
https://notcve.org/view.php?id=CVE-2020-6797
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. • https://bugzilla.mozilla.org/show_bug.cgi?id=1596668 https://security.gentoo.org/glsa/202003-02 https://www.mozilla.org/security/advisories/mfsa2020-05 https://www.mozilla.org/security/advisories/mfsa2020-06 https://www.mozilla.org/security/advisories/mfsa2020-07 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2669
https://notcve.org/view.php?id=CVE-2011-2669
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. Mozilla Firefox versiones anteriores a 3.6, presenta una vulnerabilidad de DoS debido a un problema en la comprobación de certificados. • http://jvn.jp/en/jp/JVN70984231/index.html • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2668
https://notcve.org/view.php?id=CVE-2011-2668
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header Mozilla Firefox versiones hasta 1.5.0.3, presenta una vulnerabilidad en el procesamiento del encabezado content-length. • http://jvn.jp/en/jp/JVN36721438/index.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2670
https://notcve.org/view.php?id=CVE-2011-2670
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets Mozilla Firefox versiones anteriores a la versión 3.6, es vulnerable a un ataque de tipo XSS por medio de la renderización de Cascading Style Sheets. • http://jvn.jp/en/jp/JVN74649877/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 47%CPEs: 4EXPL: 4CVE-2019-17026 – Mozilla Firefox And Thunderbird Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. Una información de alias incorrecta en compilador IonMonkey JIT para establecer los elementos de la matriz podría conllevar a una confusión de tipo. Estamos conscientes de los ataques dirigidos "in the wild" abusando de este fallo. • https://www.exploit-db.com/exploits/49864 https://github.com/maxpl0it/CVE-2019-17026-Exploit https://github.com/lsw29475/CVE-2019-17026 http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html https://bugzilla.mozilla.org/show_bug.cgi?id=1607443 https://security.gentoo.org/glsa/202003-02 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-03 https://www.mozilla.org/security/advisories/mfsa2020-04 https://access.redhat& • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •