CVSS: 10.0EPSS: 3%CPEs: 9EXPL: 0CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a la v2.0.3 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores relativos a la función nsBlockFrame::StealFrame en layout/generic/nsBlockFrame.cpp, ay otros vectores no específicos. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242& •
CVSS: 10.0EPSS: 36%CPEs: 68EXPL: 0CVE-2010-0160 – Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0160
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. La funcionalidad Web Worker en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, y SeaMonkey anteriores a la v2.0.3, no manejan de forma adecuada los tipos de datos array para mensajes posteado, lo que permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria dinámica y caída de la aplicación) o posiblemente ejecución de código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38847 http://www.debian.org/security/2010/dsa-1999 http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 2%CPEs: 51EXPL: 0CVE-2009-3388
https://notcve.org/view.php?id=CVE-2009-3388
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." liboggplay en Mozilla Firefox v3.5.x antes de v3.5.6 y SeaMonkey antes de v2.0.1 podría permitir a atacantes dependientes de contexto causar una denegación de servicio (por caída de la aplicación) o ejecutar código arbitrario a través de vectores no especificados, relacionados con "cuestiones de seguridad de la memoria." • http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://securitytracker.com/id?1023335 http://securitytracker.com/id?1023336 http://www.mozilla.org/security/announce/2009/mfsa2009-66.html http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37369 http://www.ubuntu.com/usn/USN-874-1 http:/& • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 9%CPEs: 51EXPL: 0CVE-2009-3389
https://notcve.org/view.php?id=CVE-2009-3389
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. Un desbordamiento de entero en libtheora en Xiph.Org Theora antes de v1.1, tal como se utiliza en Mozilla Firefox v3.5 antes de v3.5.6 y SeaMonkey antes de v2.0.1, permite a atacantes remotos causar una denegación de servicio (mediante caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un vídeo de grandes dimensiones. • http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://secunia.com/advisories/39317 http://www.mandriva.com/security/advisories?name=MDVSA-2010:043 http://www.mozilla.org/security/announce/2009/mfsa2009-67.html http://www.novell.com/linux/sec • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 9%CPEs: 52EXPL: 0CVE-2009-3980
https://notcve.org/view.php?id=CVE-2009-3980
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x antes de v3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permiten a atacantes remotos provocar una denegación de servicio (por corrupción de la memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://securitytracker.com/id?1023333 http://securitytracker.com/id?1023334 http://www.mozilla.org/security/announce/2009/mfsa2009-65.html http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37362 http://www.ubuntu.com/usn/USN-874-1 http:/& • CWE-399: Resource Management Errors •