
CVE-2011-0065 – Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0065
07 May 2011 — Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. This vulnerability allows remote attackers to execute arbi... • https://packetstorm.news/files/id/129259 • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVE-2011-0067 – Mozilla untrusted events can trigger autocomplete popup (MFSA 2011-14)
https://notcve.org/view.php?id=CVE-2011-0067
07 May 2011 — Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. • http://downloads.avaya.com/css/P8/documents/100144158 • CWE-20: Improper Input Validation •

CVE-2011-0071 – Mozilla directory traversal via resource protocol (MFSA 2011-16)
https://notcve.org/view.php?id=CVE-2011-0071
07 May 2011 — Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. • http://downloads.avaya.com/css/P8/documents/100144158 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2011-0073 – Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0073
07 May 2011 — Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." • https://www.exploit-db.com/exploits/17419 • CWE-20: Improper Input Validation •

CVE-2011-1712
https://notcve.org/view.php?id=CVE-2011-1712
15 Apr 2011 — The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. • http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2011-1187
https://notcve.org/view.php?id=CVE-2011-1187
11 Mar 2011 — Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." • http://code.google.com/p/chromium/issues/detail?id=69187 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2011-0051 – Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)
https://notcve.org/view.php?id=CVE-2011-0051
02 Mar 2011 — Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-20: Improper Input Validation •

CVE-2011-0059 – Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)
https://notcve.org/view.php?id=CVE-2011-0059
02 Mar 2011 — Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2011-0058 – Mozilla memory corruption during text run construction (MFSA 2011-07)
https://notcve.org/view.php?id=CVE-2011-0058
02 Mar 2011 — Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2011-0053 – Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
https://notcve.org/view.php?id=CVE-2011-0053
02 Mar 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://downloads.avaya.com/css/P8/documents/100133195 •