CVSS: 9.3EPSS: 3%CPEs: 152EXPL: 0CVE-2009-3981 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-3981
17 Dec 2009 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox antes de v3.0.16, SeaMonkey antes de v2.0.1 y Thunderbird permite a atacantes remotos provocar una denegación de servicio (mediante corrupción de la memoria y bloq... • http://secunia.com/advisories/37699 •
CVSS: 9.1EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3983 – Mozilla NTLM reflection vulnerability
https://notcve.org/view.php?id=CVE-2009-3983
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite enviar solicitudes autenticadas a aplicaciones arbitrarias a atacantes remotos respondiendo a las credenciales NTLM de un usuario del navegador. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 6.8EPSS: 2%CPEs: 157EXPL: 0CVE-2009-3984 – Mozilla SSL spoofing with document.location and empty SSL response page
https://notcve.org/view.php?id=CVE-2009-3984
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos suplantar un indicador de SSL para una URL o fichero HTTP URL estableciendo... • http://secunia.com/advisories/37699 •
CVSS: 6.8EPSS: 0%CPEs: 156EXPL: 0CVE-2009-3985 – Mozilla URL spoofing via invalid document.location
https://notcve.org/view.php?id=CVE-2009-3985
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos asociar contenido falsificado con una URL inválida estableciendo el ... • http://secunia.com/advisories/37699 •
CVSS: 9.8EPSS: 2%CPEs: 156EXPL: 0CVE-2009-3986 – Mozilla Chrome privilege escalation via window.opener
https://notcve.org/view.php?id=CVE-2009-3986
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos ejecutar código JavaScript arbitrario con privilegios al aprovechar una referencia a una ventana de chrome desd... • http://secunia.com/advisories/37699 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 156EXPL: 0CVE-2009-3987
https://notcve.org/view.php?id=CVE-2009-3987
17 Dec 2009 — The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. La función GeckoActiveXObject en Mozilla Firefox antes de v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonk... • http://secunia.com/advisories/37699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 3%CPEs: 156EXPL: 0CVE-2009-3979 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-3979
17 Dec 2009 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.0.16 y 3.5.x antes de 3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permiten a atacantes remotos provoca... • http://secunia.com/advisories/37699 •
CVSS: 6.5EPSS: 0%CPEs: 70EXPL: 0CVE-2009-3978
https://notcve.org/view.php?id=CVE-2009-3978
19 Nov 2009 — The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. la función nsGIFDecoder2::GifWrite en decoders/gif/nsGIFDecoder2.cpp en libpr0n en Mozilla Firefox anterior a v3.5.5, permite a atacantes remotos provocar una denegación de servicio (deferencia punter... • http://hg.mozilla.org/releases/mozilla-1.9.1/rev/edf189567edc •
CVSS: 9.8EPSS: 0%CPEs: 42EXPL: 0CVE-2009-3274 – Firefox: Predictable /tmp pathname use
https://notcve.org/view.php?id=CVE-2009-3274
21 Sep 2009 — Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. Mozilla Firefox v3.6a1, v3.5.2, y versiones anteriores a v2.x y v3.x e... • http://jbrownsec.blogspot.com/2009/09/vamos-updates.html •
CVSS: 6.5EPSS: 2%CPEs: 59EXPL: 2CVE-2008-7244 – Multiple Browsers - 'window.print()' Denial of Service
https://notcve.org/view.php?id=CVE-2008-7244
18 Sep 2009 — Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821. Mozilla Firefox v3.0.1 y anteriores permite a atacantes remotos producir una denegación de servicio (navegador colgado) mediante una llamada en bucle a la función window.print, también conocido como "ataque DoS de impresión", posiblemente relacionado con CVE-2009-0821. • https://www.exploit-db.com/exploits/12509 • CWE-399: Resource Management Errors •