CVSS: 10.0EPSS: 10%CPEs: 205EXPL: 0CVE-2010-0175 – Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0175
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. Vulnerabilidad de uso después de la liberación (Use after free)en la implementación nsTreeSelection en Mozilla Firefox anteriores a v3.0.19 y v3.5.x anteriores a v3.5.9, Thunderbird anteriores a v3.0.4, y SeaMonkey anteriores a v2.0.4, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de vectores no específicos que pueden provocar una llamada a ciertos gestores de de eventos. This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Mozilla's Firefox. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/38566 http://secunia.com/advisories/39117 http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39240 http:&# • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 1%CPEs: 6EXPL: 0CVE-2010-1122
https://notcve.org/view.php?id=CVE-2010-1122
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028. Vulnerabilidad no especificada en Mozilla Firefox 3.5.x hasta 3.5.8 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) y puede que tenga otros impactos que no se conozcan utilizando vectores que puede que formen parte de datos comprimidos. • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 https://bugzilla.mozilla.org/show_bug.cgi?id=552216 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12448 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 23%CPEs: 3EXPL: 0CVE-2010-1121 – Mozilla Firefox Cross Document DOM Node Moving Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1121
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. Firefox de Mozilla versiones 3.6.x anteriores a 3.6.3, no administra apropiadamente los ámbitos de los nodos DOM que son movidos de un documento a otro, lo que permite a los atacantes remotos conducir ataques de uso de memoria previamente liberada y ejecutar código arbitrario por medio de vectores no especificados que implican una interacción inapropiada con garbage collection, como es demostrado por Nils durante una competencia de Pwn2Own en CanSecWest 2010. This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. ... If timed correctly Firefox will incorrectly reference a previously freed object which can be leveraged by an attacker to execute arbitrary code under the context of the current user. • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://news.cnet.com/8301-27080_3-20001126-245.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 ht • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 0CVE-2010-0165
https://notcve.org/view.php?id=CVE-2010-0165
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. La función TraceRecorder::traverseScopeChain en js/src/jstracer.cpp en Mozilla Firefox v3.6 anterior a v3.6.2 permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) y probablemente ejecutar código a su elección a través de vectores relacionados con ciertas llamadas indirectas a la función eval JavaScript. • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-11.html http://www.securityfocus.com/bid/38918 http://www.vupen.com/english/advisories/2010/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=542849 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8472 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 24%CPEs: 85EXPL: 1CVE-2010-0167 – Mozilla Firefox/Thunderbird/SeaMonkey - Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0167
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, y v3.6.x anterior a v3.6.2; Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a la v2.0.3 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) y posiblemente ejecutar código de su elección a través de vectores relativos a (1) layout/generic/nsBlockFrame.cpp y (2) la función _evaluate en modules/plugin/base/src/nsNPAPIPlugin.cpp. Mozilla Firefox / Thunderbird / Seamonkey all suffer from multiple memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/33801 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-11.html http://www.securityfocus.com/bid/38918 http://www.securityfocus.com/bid/38944 http://www.vupen.com/english/advisories/2010/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=534082 https://bugzilla.mozilla.org/show_bug.cgi?id=535641 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ade • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •