CVSS: 10.0EPSS: 4%CPEs: 104EXPL: 0CVE-2009-3070 – Firefox 3.5 3.0.14 browser engine crashes
https://notcve.org/view.php?id=CVE-2009-3070
10 Sep 2009 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador de Mozilla Firefox en versiones anteriores a la v3.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o probablemente ejecutar código ... • http://secunia.com/advisories/36670 •
CVSS: 10.0EPSS: 3%CPEs: 106EXPL: 0CVE-2009-3071 – Firefox 3.5.2 3.0.14 browser engine crashes
https://notcve.org/view.php?id=CVE-2009-3071
10 Sep 2009 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador Mozilla Firefox anteriores a v3.0.14, y v3.5.x anteriores a v3.5.2, permite a los atacantes remotos causar una denegación de servicios (corrupción de memoria y caída de la apl... • http://secunia.com/advisories/36670 •
CVSS: 10.0EPSS: 6%CPEs: 104EXPL: 0CVE-2009-3074 – Firefox 3.5 3.0.14 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-3074
10 Sep 2009 — Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor JavaScript de Mozilla Firefox en versiones anteriores a la v3.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través... • http://secunia.com/advisories/36670 •
CVSS: 7.5EPSS: 1%CPEs: 107EXPL: 0CVE-2009-3078 – Firefox 3.5.3 3.0.14 Location bar spoofing via tall line-height Unicode characters
https://notcve.org/view.php?id=CVE-2009-3078
10 Sep 2009 — Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. Vulnerabilidad de truncado visual en Mozilla Firefox anteriores a v3.0.14, y v3.5.x anteriores a v3.5.3, permite a atacantes remotos iniciar un scroll vertical y falsificar URLs a traves de caracteres Unicode con una propiedad "line-height" alta. • http://secunia.com/advisories/36670 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 107EXPL: 0CVE-2009-3079 – Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter
https://notcve.org/view.php?id=CVE-2009-3079
10 Sep 2009 — Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. Vulnerabilidad inespecífica en Mozilla Firefox anteriores a la v3.0.14, y v3.5.x anterior a la v3.5.3, permite a atacantes remotos ejecutar Javascript arbitrario con privilegios de chrome a través de vectores que incluyen un objeto, el FeedWriter, y el BrowserFeedWriter. • http://secunia.com/advisories/36670 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 4%CPEs: 107EXPL: 0CVE-2009-3072 – Firefox 3.5.3 3.0.14 browser engine crashes
https://notcve.org/view.php?id=CVE-2009-3072
10 Sep 2009 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación de Mozilla Firefox ante... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 10.0EPSS: 6%CPEs: 106EXPL: 0CVE-2009-3075 – Firefox 3.5.2 3.0.14 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-3075
10 Sep 2009 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. Múltiples vulnerabilidades sin especificar en el motor JavaScript en Mozilla Fir... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 9.8EPSS: 18%CPEs: 104EXPL: 1CVE-2009-3076 – Mozilla Firefox < 3.0.14 - Multiplatform Remote Code Execution via pkcs11.addmodule
https://notcve.org/view.php?id=CVE-2009-3076
10 Sep 2009 — Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. Mozilla Firefox anterior a v3.0.4 no implementa adecuadamente ciertos dialogos asociados con las operaciones (1) pkcs11.addmodule y (2) pkcs11.deletemodule, lo que facilita a atacantes remotos engañar a un usuario instalando o eliminando un m... • https://www.exploit-db.com/exploits/9651 •
CVSS: 9.3EPSS: 5%CPEs: 107EXPL: 0CVE-2009-3077 – Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3077
10 Sep 2009 — Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." Mozilla Firefox en versiones anteriores a la v3.0.14 y las versiones v3.5.x anteriores a v3.5.3, no gestiona apropiadamente los punteros para las columnas (también conocido como "TreeColumns") de un elemento de árbol XUL, lo que permi... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 2CVE-2009-3010
https://notcve.org/view.php?id=CVE-2009-3010
31 Aug 2009 — Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product v... • http://websecurity.com.ua/3315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •