CVSS: 9.8EPSS: 1%CPEs: 30EXPL: 0CVE-2013-0763 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0763
13 Jan 2013 — Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to Mesa drivers and a resized WebGL canvas. Vulnerabilidad de uso después de liberación en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a v17.0.1, Thunderbird before v17.0.2, Thunderbird ESR... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 2CVE-2013-0749 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0749
13 Jan 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de navegación en Mozilla Firefox anterior a 18.0, Firefox ESR 10.x anterior a 10.0.12 y 17.x an... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html •
CVSS: 9.8EPSS: 1%CPEs: 26EXPL: 1CVE-2013-0768 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0768
13 Jan 2013 — Stack-based buffer overflow in the Canvas implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via an HTML document that specifies invalid width and height values. Desbordamiento de búfer basado en pila en la implementación Canvas en Mozilla Firefox anterior a v18.0, Firefox ESR v17.x anterior a 17.0.2, Thunderbird anterior a v17.0.2, Thunderbir... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 21EXPL: 1CVE-2013-0770 – Gentoo Linux Security Advisory 201309-23
https://notcve.org/view.php?id=CVE-2013-0770
13 Jan 2013 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor de búsqueda de Mozilla Firefox anterior a v18.0, Thunderbird anterior a v17.0.2, y SeaMonkey anterior a v2.15 permite ataques remotos que provocan una denegación d... • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html •
CVSS: 10.0EPSS: 1%CPEs: 8EXPL: 0CVE-2011-3079 – Debian Security Advisory 3260-1
https://notcve.org/view.php?id=CVE-2011-3079
01 May 2012 — The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. La implementación de Inter-process Communication (IPC) en Google Chrome en versiones anteriores a 18.0.1025.168, tal como se utiliza en Mozilla Firefox en versiones anteriores a 38.0 y otros productos, no valida mensajes adecuadamente, lo que tiene un impacto y vectores de a... • http://code.google.com/p/chromium/issues/detail?id=117627 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 96%CPEs: 51EXPL: 2CVE-2007-0981 – Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
https://notcve.org/view.php?id=CVE-2007-0981
16 Feb 2007 — Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8... • https://www.exploit-db.com/exploits/3340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 30EXPL: 0CVE-2006-5160
https://notcve.org/view.php?id=CVE-2006-5160
03 Oct 2006 — Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. ** IMPUGNADA ** Múltiples vulnerabilidades en Mozilla Firefox tienen vectores e impacto no especifica... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 8.8EPSS: 46%CPEs: 30EXPL: 0CVE-2006-5159
https://notcve.org/view.php?id=CVE-2006-5159
03 Oct 2006 — Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succee... • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon •
CVSS: 6.4EPSS: 8%CPEs: 30EXPL: 0CVE-2006-3352
https://notcve.org/view.php?id=CVE-2006-3352
06 Jul 2006 — Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their t... • http://isc.sans.org/diary.php?storyid=1448 •
CVSS: 9.8EPSS: 23%CPEs: 24EXPL: 1CVE-2006-2788
https://notcve.org/view.php?id=CVE-2006-2788
02 Jun 2006 — Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. • http://rhn.redhat.com/errata/RHSA-2006-0609.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •