CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 0CVE-2015-0813 – Mozilla: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31)
https://notcve.org/view.php?id=CVE-2015-0813
01 Apr 2015 — Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file. Vulnerabilidad de uso después de liberación en la función AppendElements en Mozilla Firefox anterior a 37.0, Firefox ESR 31.x anterior a 31.6, y Thunderbird anterior a 31.6 ... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2015-0803 – Gentoo Linux Security Advisory 201512-10
https://notcve.org/view.php?id=CVE-2015-0803
01 Apr 2015 — The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. La función HTMLSourceElement::AfterSetAttr en Mozilla Firefox anterior a 37.0 no limita correctamente el tipo de datos originales de un valor asignado durante la configuración de los ... • http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3079 – Debian Security Advisory 3260-1
https://notcve.org/view.php?id=CVE-2011-3079
01 May 2012 — The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de a... • http://code.google.com/p/chromium/issues/detail?id=117627 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 96%CPEs: 51EXPL: 2CVE-2007-0981 – Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
https://notcve.org/view.php?id=CVE-2007-0981
16 Feb 2007 — Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8... • https://www.exploit-db.com/exploits/3340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 30EXPL: 0CVE-2006-5160
https://notcve.org/view.php?id=CVE-2006-5160
03 Oct 2006 — Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. ** IMPUGNADA ** Múltiples vulnerabilidades en Mozilla Firefox tienen vectores e impacto no especifica... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 8.8EPSS: 46%CPEs: 30EXPL: 0CVE-2006-5159
https://notcve.org/view.php?id=CVE-2006-5159
03 Oct 2006 — Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succee... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 6.4EPSS: 8%CPEs: 30EXPL: 0CVE-2006-3352
https://notcve.org/view.php?id=CVE-2006-3352
06 Jul 2006 — Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their t... • http://isc.sans.org/diary.php?storyid=1448 •
CVSS: 9.8EPSS: 23%CPEs: 24EXPL: 1CVE-2006-2788
https://notcve.org/view.php?id=CVE-2006-2788
02 Jun 2006 — Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 59%CPEs: 24EXPL: 0CVE-2006-2787
https://notcve.org/view.php?id=CVE-2006-2787
02 Jun 2006 — EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. • http://rhn.redhat.com/errata/RHSA-2006-0609.html •
CVSS: 9.8EPSS: 94%CPEs: 43EXPL: 0CVE-2006-2779
https://notcve.org/view.php?id=CVE-2006-2779
02 Jun 2006 — Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •