CVSS: 10.0EPSS: 95%CPEs: 265EXPL: 3CVE-2011-2371 – Mozilla Firefox - 'Array.reduceRight()' Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2371
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. Desbordamiento de enteros en el método Array.reduceRight en Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14 permite a atacantes remotos ejecutar código arbitrario a través de vectores que implican un objeto array muy largo en javascript. • https://www.exploit-db.com/exploits/17976 https://www.exploit-db.com/exploits/18531 https://www.exploit-db.com/exploits/17974 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://securityreason.com/securityalert/8472 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 h • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 40%CPEs: 192EXPL: 0CVE-2011-2376 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2376
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.6.18 y Thunderbird antes de v3.1.11 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-19.html h •
CVSS: 10.0EPSS: 10%CPEs: 251EXPL: 0CVE-2011-2363 – Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2363
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. Vulnerabilidad de uso después de la liberación en la función nsSVGPointList::AppendElement en la implementación de listas de elementos SVG en Mozilla Firefox antes de v3.6.18, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante vectores que incluyen la llamada a user-supplied This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-23.html h • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 11%CPEs: 251EXPL: 0CVE-2011-0085 – Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0085
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. Vulnerabilidad use-after-free en la función nsXULCommandDispatcher en Mozilla Firefox antes de v3.6.18, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14 permite a atacantes remotos ejecutar código de su elección mediante un documento XUL manipulado que desencola el actual comando de actualización. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Firefox. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-23.html h • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 10%CPEs: 251EXPL: 0CVE-2011-0083 – Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0083
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. Vulnerabilidad de uso después de liberación (use-after-free) en la función nsSVGPathSegList::ReplaceItem de la implementación del elemento listas SVG en Mozilla Firefox anterior a v3.6.18, Thunderbird anterior a v3.1.11, y SeaMonkey hasta v2.0.14 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o puede que ejecutar código de su elección mediante vectores que incluyen una retrollamada facilitada por el usuario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-23.html h • CWE-399: Resource Management Errors •