CVSS: 10.0EPSS: 40%CPEs: 207EXPL: 0CVE-2011-2375 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2375
30 Jun 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de la v5.0 y de Thunderbird hasta la v3.1.11, que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de a... • http://support.avaya.com/css/P8/documents/100144854 •
CVSS: 9.8EPSS: 0%CPEs: 206EXPL: 0CVE-2011-2605 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2605
30 Jun 2011 — CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. Inyección CRLF en la función nsCookieService::SetCookieStringInt... • http://www.mozilla.org/security/announce/2011/mfsa2011-19.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 95%CPEs: 265EXPL: 3CVE-2011-2371 – Mozilla Firefox - 'Array.reduceRight()' Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2371
30 Jun 2011 — Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. Desbordamiento de enteros en el método Array.reduceRight en Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14 permite a atacantes remotos ejecutar código arbitrario a través de vectores que... • https://www.exploit-db.com/exploits/17976 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 11%CPEs: 265EXPL: 0CVE-2011-2373 – Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20)
https://notcve.org/view.php?id=CVE-2011-2373
30 Jun 2011 — Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. Vulnerabilidad use-after-free en Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, cuando JavaScript está deshabilitado, permite a atacantes remotos ejecutar código de su elección a través de un documen... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 122EXPL: 0CVE-2011-2370
https://notcve.org/view.php?id=CVE-2011-2370
30 Jun 2011 — Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. Mozilla Firefox antes de v5.0 no aplica correctamente la lista blanca para la funcionalidad xpinstall, lo que permite a atacantes remotos para provocar un cuadro de diálogo de instalación de un (1) add-on o (2) el tema a través de vectores no especificados. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 39%CPEs: 206EXPL: 0CVE-2011-2374 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2374
30 Jun 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caí... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html •
CVSS: 9.8EPSS: 56%CPEs: 265EXPL: 0CVE-2011-2377 – Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21)
https://notcve.org/view.php?id=CVE-2011-2377
30 Jun 2011 — Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente e... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 225EXPL: 2CVE-2011-2366
https://notcve.org/view.php?id=CVE-2011-2366
30 Jun 2011 — Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Mozilla Gecko usado en Firefox v5.0 y Thunderbird antes de v5.0, no bloquea el uso de una imagen como textura WebGL en dominios cruzados, lo que permite a atacantes remotos obtener copias aproximadas de imágenes arbitrarias... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 20%CPEs: 176EXPL: 1CVE-2011-0069 – Mozilla javascript crash (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0069
07 May 2011 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19, v3.6.x anterior a v3.6.17,... • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird •
CVSS: 10.0EPSS: 20%CPEs: 176EXPL: 1CVE-2011-0070 – Mozilla double free flaw (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0070
07 May 2011 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19, v3.6.x anterior a v3.6.17,... • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird •