CVE-2011-2669
https://notcve.org/view.php?id=CVE-2011-2669
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. Mozilla Firefox versiones anteriores a 3.6, presenta una vulnerabilidad de DoS debido a un problema en la comprobación de certificados. • http://jvn.jp/en/jp/JVN70984231/index.html • CWE-295: Improper Certificate Validation •
CVE-2011-2668
https://notcve.org/view.php?id=CVE-2011-2668
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header Mozilla Firefox versiones hasta 1.5.0.3, presenta una vulnerabilidad en el procesamiento del encabezado content-length. • http://jvn.jp/en/jp/JVN36721438/index.html •
CVE-2011-2670
https://notcve.org/view.php?id=CVE-2011-2670
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets Mozilla Firefox versiones anteriores a la versión 3.6, es vulnerable a un ataque de tipo XSS por medio de la renderización de Cascading Style Sheets. • http://jvn.jp/en/jp/JVN74649877/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17026 – Mozilla Firefox And Thunderbird Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. Una información de alias incorrecta en compilador IonMonkey JIT para establecer los elementos de la matriz podría conllevar a una confusión de tipo. Estamos conscientes de los ataques dirigidos "in the wild" abusando de este fallo. • https://www.exploit-db.com/exploits/49864 https://github.com/maxpl0it/CVE-2019-17026-Exploit https://github.com/lsw29475/CVE-2019-17026 http://packetstormsecurity.com/files/162568/Firefox-72-IonMonkey-JIT-Type-Confusion.html https://bugzilla.mozilla.org/show_bug.cgi?id=1607443 https://security.gentoo.org/glsa/202003-02 https://usn.ubuntu.com/4335-1 https://www.mozilla.org/security/advisories/mfsa2020-03 https://www.mozilla.org/security/advisories/mfsa2020-04 https://access.redhat& • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2019-17001
https://notcve.org/view.php?id=CVE-2019-17001
A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-site scripting). This is a separate bypass from CVE-2019-17000.*Note: This flaw only affected Firefox 69 and was not present in earlier versions.*. This vulnerability affects Firefox < 70. Una Política de Seguridad de Contenido que bloquea los scripts en línea podría ser omitida utilizando una etiqueta de objeto para ejecutar JavaScript en el documento protegido (cross-site scripting). • https://bugzilla.mozilla.org/show_bug.cgi?id=1587976 https://www.mozilla.org/security/advisories/mfsa2019-34 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •