
CVE-2009-2465 – Mozilla double frame construction crashes
https://notcve.org/view.php?id=CVE-2009-2465
22 Jul 2009 — Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors

CVE-2009-2467 – Mozilla remote code execution during Flash player unloading
https://notcve.org/view.php?id=CVE-2009-2467
22 Jul 2009 — Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

CVE-2009-2468 – Gentoo Linux Security Advisory 201405-13
https://notcve.org/view.php?id=CVE-2009-2468
22 Jul 2009 — Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194. • http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html • CWE-189: Numeric Errors

CVE-2009-2469 – Mozilla remote code execution using watch and __defineSetter__ on SVG element
https://notcve.org/view.php?id=CVE-2009-2469
22 Jul 2009 — Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors

CVE-2009-2471 – Mozilla setTimeout loses XPCNativeWrappers
https://notcve.org/view.php?id=CVE-2009-2471
22 Jul 2009 — The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

CVE-2009-2472 – Mozilla multiple cross origin wrapper bypasses
https://notcve.org/view.php?id=CVE-2009-2472
22 Jul 2009 — Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-2462 – Mozilla Browser engine crashes
https://notcve.org/view.php?id=CVE-2009-2462
22 Jul 2009 — The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors

CVE-2009-2466 – Mozilla JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-2466
22 Jul 2009 — The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors

CVE-2009-2535 – Multiple Browsers - Denial of Service
https://notcve.org/view.php?id=CVE-2009-2535
20 Jul 2009 — Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. • https://www.exploit-db.com/exploits/9160 • CWE-189: Numeric Errors

CVE-2009-2061
https://notcve.org/view.php?id=CVE-2009-2061
15 Jun 2009 — Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. • http://research.microsoft.com/apps/pubs/default.aspx?id=79323 • CWE-310: Cryptographic Issues