CVSS: 9.3EPSS: 2%CPEs: 238EXPL: 1CVE-2010-1585 – javascript: URLs in chrome documents (MFSA 2011-08)
https://notcve.org/view.php?id=CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. El método nsIScriptableUnescapeHTML.parseFragment en el mecanismo de protección ParanoidFragmentSink en Mozilla Firefox en versiones anteriores a 3.5.17 y 3.6.x en versiones anteriores a 3.6.14, Thunderbird en versiones anteriores a 3.1.8 y SeaMonkey en versiones anteriores a 2.0.12 no desinfecta adecuadamente HTML en un documento chrome, lo que hace más fácil a atacantes remotos ejecutar JavaScript arbitrario con privilegios de chrome a través de un javascript: URI en entrada a una extensión, como se demuestra por una secuencia javascript:alert en el atributo (1) HREF de un elemento A o el atributo (2) ACTION de un elemento FORM. • http://downloads.avaya.com/css/P8/documents/100133195 http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-08.html http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf http://www.securityfocus.com/archive/1/510883/100/0/threaded https://bug • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 7%CPEs: 206EXPL: 0CVE-2010-0173
https://notcve.org/view.php?id=CVE-2010-0173
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.9 y v3.6.x antes de v3.6.2, en Thunderbird antes de v3.0.4, y SeaMonkey antes de v2.0.4 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y la aplicación de choque ) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39242 http://secunia.com/advisories/39243 http://secunia.com/advisories/39397 http://securitytracker.com/id?1023775 http://securitytracker.com/id?1023781 http:&#x •
CVSS: 10.0EPSS: 25%CPEs: 206EXPL: 0CVE-2010-0174 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-0174
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.0.19, también en v3.5.x antes de v3.5.9 y 3.6.x antes de v3.6.2; en Thunderbird antes de v3.0.4, y SeaMonkey antes de 2.0.4 permiten a atacantes remotos provocar una denegación de servicio (mediante corrupción de memoria y caída de aplicación) y posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/38566 http://secunia.com/advisories/39117 http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39240 http:&# •
CVSS: 10.0EPSS: 43%CPEs: 144EXPL: 0CVE-2010-0177 – Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0177
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." El objeto window.navigator.plugins en Mozilla Firefox anteriores a v3.0.19, 3.5.x anteriores a v3.5.9, y v3.6.x anteriores a v3.6.2, y SeaMonkey anteriores a v2.0.4, no gestiona adecuadamente la memoria durante la recarga de una pagina, lo que permite a atacantes remotos ejecutar código de forma arbitraria o producir una denegación de servicio (caída de aplicación) a través de vectores inespecíficos que inician el borrado de objetos referenciados, relacionado con la "vulnerabilidad de puntero colgado". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/38566 http://secunia.com/advisories/39117 http://secunia.com/advisories/39136 http://secunia.com/advisories/39240 http://secunia.com/advisories/39243 http://secunia.com/advisories/39308 http://secunia.com/advisories/39397 http://securitytracker.com/id?1023776 http://ubuntu.com/usn/usn-921-1 http://www.debian.org/security/2010/dsa-2027 http://www.mandriva.com/security&# • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 88%CPEs: 206EXPL: 0CVE-2010-0176 – Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0176
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." Mozilla Firefox v3.0.19, v3.5.x antes de v3.5.9, y v3.6.x antes de v3.6.2; Thunderbird antes de v3.0.4, y SeaMonkey antes de v2.0.4 no gestionan adecuadamente la cuenta de referencias a elementos de opción en un árbol XUL optgroup , lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores no especificados que desencadenan el acceso a los elementos eliminados, relacionados con una vulnerabilidad de puntero colgado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within the way that Mozilla's Firefox parses .XUL files. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/38566 http://secunia.com/advisories/39117 http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39240 http:&# • CWE-399: Resource Management Errors •