CVSS: 10.0EPSS: 96%CPEs: 164EXPL: 2CVE-2011-0073 – Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0073
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, no utiliza correctamente las estructuras de datos nsTreeRange, permitiendo a atacantes remotos ejecutar código arbitrario a través de vectores no especificados produciendo un "dangling pointer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles user defined functions of a nsTreeSelection element. • https://www.exploit-db.com/exploits/17419 https://www.exploit-db.com/exploits/17520 http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://securityreason.com/securityalert/8310 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce& • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 18%CPEs: 37EXPL: 0CVE-2011-0081 – Mozilla memory safety issue (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0081
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.6.x anterior a v3.6.17 y v4.x anterior a v4.0.1, y Thunderbird v3.1.x anterior a v3.1.10, permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus. •
CVSS: 10.0EPSS: 20%CPEs: 163EXPL: 0CVE-2011-0075 – Mozilla crash from bad iframe source (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0075
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, y CVE-2011 0078. • http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus.com/bid/47647 https& •
CVSS: 10.0EPSS: 18%CPEs: 176EXPL: 1CVE-2011-0069 – Mozilla javascript crash (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0069
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.1; Thunderbird anterior a v3.1.10; y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0070. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus. •
CVSS: 10.0EPSS: 2%CPEs: 16EXPL: 0CVE-2011-1300
https://notcve.org/view.php?id=CVE-2011-1300
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error. La función Program::getActiveUniformMaxLength en el archivo libGLESv2/Program.cpp en la biblioteca libGLESv2.dll en la biblioteca WebGLES en Almost Native Graphics Layer Engine (ANGLE), como es usado en Mozilla Firefox versiones 4.x anteriores a 4.0.1 en Windows y en el proceso GPU en Google Chrome anterior a versión 10.0.648.205 en Windows, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados, relacionado con un error "off-by-three". • http://code.google.com/p/angleproject/source/detail?r=611 http://code.google.com/p/chromium/issues/detail?id=70070 http://googlechromereleases.blogspot.com/2011/04/stable-channel-update.html http://secunia.com/advisories/44141 http://www.mozilla.org/security/announce/2011/mfsa2011-17.html http://www.securityfocus.com/bid/47377 http://www.securitytracker.com/id?1025377 http://www.vupen.com/english/advisories/2011/1006 https://bugzilla.mozilla.org/show_bug.cgi?id=623791 https:/ • CWE-189: Numeric Errors •