CVSS: 9.3EPSS: 5%CPEs: 2EXPL: 0CVE-2011-0341
https://notcve.org/view.php?id=CVE-2011-0341
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site. Desbordamiento de búfer basado en pila en la función pdfmoz_onmouse function en apps/mozilla/moz_main.c en el plugin MuPDF v2008.09.02 para Firefox permite a atacantes remotos ejecutar código de su elección a través de un sitio web manipulado. • http://secunia.com/advisories/43739 http://secunia.com/secunia_research/2011-38 http://www.osvdb.org/72177 http://www.securityfocus.com/bid/47739 http://www.vupen.com/english/advisories/2011/1191 https://exchange.xforce.ibmcloud.com/vulnerabilities/67298 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 17%CPEs: 13EXPL: 1CVE-2011-0079
https://notcve.org/view.php?id=CVE-2011-0079
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors. Multiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x anterior a v4.0.1 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario mediante vectores relacionados con fx/layers/d3d10/ReadbackManagerD3D10.cpp y otros vectores desconocidos. • http://www.mozilla.org/security/announce/2011/mfsa2011-12.html https://bugzilla.mozilla.org/show_bug.cgi?id=601102 https://bugzilla.mozilla.org/show_bug.cgi?id=639343 https://bugzilla.mozilla.org/show_bug.cgi?id=639728 https://bugzilla.mozilla.org/show_bug.cgi?id=639885 https://bugzilla.mozilla.org/show_bug.cgi? •
CVSS: 10.0EPSS: 18%CPEs: 176EXPL: 1CVE-2011-0070 – Mozilla double free flaw (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0070
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.1; Thunderbird anterior a v3.1.10; y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0069. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus. •
CVSS: 10.0EPSS: 27%CPEs: 163EXPL: 0CVE-2011-0074 – Mozilla crash from several marquee elements (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0074
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, y CVE-2011-0078. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/ •
CVSS: 10.0EPSS: 10%CPEs: 164EXPL: 0CVE-2011-0066 – Mozilla Firefox OBJECT mObserverList Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0066
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList. Vulnerabilidad de uso después de la liberación (Use-after-free) en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, permite a atacantes remotos ejecutar código arbitrario mediante OBJECT's mObserverList. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's handling of observer OBJECTs. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce/2011/mfsa2011-13.html https://bugzilla.mozilla.org/show_bug.cgi?id=634983 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13970 https://access.redhat • CWE-399: Resource Management Errors CWE-416: Use After Free •