
CVE-2010-3169 – Mozilla Miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-3169
09 Sep 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •

CVE-2010-3131 – Mozilla Firefox 3.6.8 - 'dwmapi.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3131
26 Aug 2010 — Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. • https://www.exploit-db.com/exploits/14730 •

CVE-2010-1207 – Mozilla Same-origin bypass using canvas context
https://notcve.org/view.php?id=CVE-2010-1207
30 Jul 2010 — Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. • http://www.mozilla.org/security/announce/2010/mfsa2010-43.html • CWE-264: Permissions, Privileges, and Access Controls •

CVE-2010-1210 – Mozilla Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
https://notcve.org/view.php?id=CVE-2010-1210
30 Jul 2010 — intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. • http://www.mozilla.org/security/announce/2010/mfsa2010-44.html • CWE-20: Improper Input Validation •

CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
30 Jun 2010 — Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. • https://www.exploit-db.com/exploits/14422 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2010-1990
https://notcve.org/view.php?id=CVE-2010-1990
20 May 2010 — Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. • http://websecurity.com.ua/4206 • CWE-399: Resource Management Errors •

CVE-2010-1585 – javascript: URLs in chrome documents (MFSA 2011-08)
https://notcve.org/view.php?id=CVE-2010-1585
28 Apr 2010 — The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-20: Improper Input Validation •

CVE-2010-0173
https://notcve.org/view.php?id=CVE-2010-0173
05 Apr 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html •

CVE-2010-0174 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-0174
05 Apr 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html •

CVE-2010-0178 – Firefox Chrome privilege escalation via forced URL drag and drop
https://notcve.org/view.php?id=CVE-2010-0178
05 Apr 2010 — Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •