Page 148 of 881 results (0.037 seconds)

CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 1

CVE-2010-0164 – Mozilla Firefox libpr0n imgContainer Bits-Per-Pixel Change Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-0164

Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. Vulnerabilidad uso después de la liberación (use-after-free) en la función imgContainer::InternalAddFrameHelper en src/imgContainer.cpp en libpr0n en Mozilla Firefox v3.6 anterior a v3.6.2 permite a atacantes remotos producir una denegación de servicio (corrupción de la memoria de la pila y caída de la aplicación) o posiblemente ejecución arbitraria de código a través de una animación multipart/x-mixed-replace en el que los frames tienen valores diferentes de bit por pixel (bpp). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-09.html http://www.securityfocus.com/archive/1/510535/100/0/threaded http://www.securityfocus.com/bid/38918 http://www.securityfocus.com/bid/38921 http://www.vupen.com/english/advisories/2010/0692 http://www.zerodayinitiative.com/advisories/ZDI-10-047 https://bugzilla.mozilla.org/show_bug.cgi?id=547143 https://oval.cisecurity.org/repository/search/definition/oval • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 86%CPEs: 8EXPL: 0

CVE-2010-1028 – Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2010-1028

Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. Un desbordamiento de enteros en la funcionalidad de descompresión en el decodificador Web Open Fonts Format (WOFF) en Firefox de Mozilla versiones 3.6 anteriores a 3.6.2 y versiones 3.7 anteriores a 3.7 alpha 3, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo WOFF especialmente diseñado que desencadena un desbordamiento de búfer, como es demostrado por el módulo vd_ff en VulnDisco versión 9.0. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608 http://blog.mozilla.com/security/2010/03/18/update-on-secunia-advisory-sa38608 http://blog.psi2.de/en/2010/02/20/going-commercial-with-firefox-vulnerabilities http://secunia.com/advisories/38608 http://secunia.com/community/forum/thread/show/3592 http://www.h-online.com/security/news/item/Zero-day-exploit-for-Firefox-3-6-936124.html http://www.kb.cert.org/vuls/id/964549 http://www.mozilla.org& • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 7%CPEs: 47EXPL: 1

CVE-2010-0655 – Mozilla Firefox 3.5.8 - Style Sheet redirection Information Disclosure

https://notcve.org/view.php?id=CVE-2010-0655

Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows user-assisted remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving the display of a blocked popup window during navigation to a different web site. Vulnerabilidad uso después de la liberación (use-after-free) en Google Chrome anterior a v4.0.249.78 permite a atacantes remotos asistidos por usuarios provocar una denegación de servicio (cuelgue de aplicación) o posiblemente ejecutar código arbitrario a través de vectores relacionados con la aparición de una ventana emergente bloqueada durante la navegación a un sitio web diferente. • https://www.exploit-db.com/exploits/33664 http://code.google.com/p/chromium/issues/detail?id=12523 http://googlechromereleases.blogspot.com/2010/01/stable-channel-update_25.html http://secunia.com/secunia_research/2009-65 http://securitytracker.com/id?1023506 http://sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14069 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 17%CPEs: 67EXPL: 0

CVE-2009-1571 – Mozilla incorrectly frees used memory (MFSA 2010-03)

https://notcve.org/view.php?id=CVE-2009-1571

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. Vulnerabilidad de uso después de la liberación en el parser HTML en Mozilla Firefox v3.0.x anteriores a v3.0.18 y v3.5.x anterior a v3.5.8, Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a v2.0.3, permite a atacantes remotos ejecutar código de su elección a través de métodos no especificados referidos al intento de acceder a objetos liberados en situaciones de baja memoria. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.4EPSS: 1%CPEs: 33EXPL: 0

CVE-2009-3988 – Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability

https://notcve.org/view.php?id=CVE-2009-3988

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. Mozilla Firefox v3.0.x anterior a la v3.0.18 y v3.5.x anterior a la v3.5.8, y SeaMonkey anterior a la v2.0.3, no restringen de forma adecuada el acceso a las propiedades del objeto en showModalDialog, lo que permite a atacantes remotos saltarse la Same Origin Policy y conducir un ataque de ejecución de secuencias de comandos en sitios cruzados a través de valores manipulados dialogArguments. This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38847 http://www.debian.org/security/2010/dsa-1999 http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 • CWE-264: Permissions, Privileges, and Access Controls •