CVSS: 9.3EPSS: 11%CPEs: 3EXPL: 0CVE-2010-1203 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1203
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. El motor de JavaScript en Firefox de Mozilla versiones 3.6.x anteriores a 3.6.4, permite a los atacantes remotos causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de vectores que desencadenan un fallo de aserción en el archivo jstracer.cpp. • http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 http://www.mozilla.org/security/announce/2010/mfsa2010-26.html http://www.redhat.com/support/errata/RHSA-2010-0 •
CVSS: 9.3EPSS: 13%CPEs: 100EXPL: 0CVE-2010-1196 – nsGenericDOMDataNode:: SetTextInternal
https://notcve.org/view.php?id=CVE-2010-1196
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función GenericDOMDataNode::SetTextInternal en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su elección a través de un nodo DOM con un valor de texto largo que provoca un desbordamiento de búfer basado en la memoria dinámica • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 6%CPEs: 100EXPL: 0CVE-2010-1200 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1200
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de programa) o probablemente ejecutar código de su elección a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/ •
CVSS: 10.0EPSS: 79%CPEs: 100EXPL: 3CVE-2010-1199 – Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1199
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Desbordamiento de enteros en la implementación del nodo de ordenación XSLT en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su elección a través de un valor de texto largo para el nodo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • https://www.exploit-db.com/exploits/34192 https://www.exploit-db.com/exploits/14949 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 12%CPEs: 2EXPL: 2CVE-2010-1988
https://notcve.org/view.php?id=CVE-2010-1988
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. Mozilla Firefox v3.6.3 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (puntero nulo y caída de la aplicación ) o la posibilidad de ejecutar código a su elección a través de código JavaScript que realiza operaciones de concatenación de cadenas y sub-cadenas, diferente a la vulnerabilidad CVE-2009-1571. • http://osvdb.org/64789 http://www.exploit-db.com/exploits/12678 http://www.securityfocus.com/archive/1/511329/100/0/threaded http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12050 •