CVSS: 9.1EPSS: 1%CPEs: 167EXPL: 0CVE-2011-0076
https://notcve.org/view.php?id=CVE-2011-0076
07 May 2011 — Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors. Vulnerabilidad no especificada en el Java Embedding Plugin (JEP) en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, en Mac OS X permite a atacantes remotos evitar las restricciones de acceso a través de vectores desconoc... • http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 •
CVSS: 10.0EPSS: 14%CPEs: 13EXPL: 1CVE-2011-0079
https://notcve.org/view.php?id=CVE-2011-0079
07 May 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors. Multiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v4.x anterior a v4.0.1 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria... • http://www.mozilla.org/security/announce/2011/mfsa2011-12.html •
CVSS: 7.5EPSS: 1%CPEs: 251EXPL: 1CVE-2011-0071 – Mozilla directory traversal via resource protocol (MFSA 2011-16)
https://notcve.org/view.php?id=CVE-2011-0071
07 May 2011 — Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. Vulnerabilidad de salto de directorio en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10, y SeaMonkey anterior a v2.0.14 en Windows permite a atacantes remotos determin... • http://downloads.avaya.com/css/P8/documents/100144158 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 157EXPL: 1CVE-2011-1712
https://notcve.org/view.php?id=CVE-2011-1712
15 Apr 2011 — The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. La función txXPathNodeUtils::getXSLTId en los archivos txMozillaXPathTreeWalker.cpp y txStandaloneXPathTreeWalker.cpp en Mo... • http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 8%CPEs: 16EXPL: 0CVE-2011-1300
https://notcve.org/view.php?id=CVE-2011-1300
15 Apr 2011 — The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error. La función Program::getActiveUniformMaxLength en el archivo libGLESv2/Program.cpp en la biblioteca libGLESv2.dll ... • http://code.google.com/p/angleproject/source/detail?r=611 • CWE-189: Numeric Errors •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 2CVE-2011-1187
https://notcve.org/view.php?id=CVE-2011-1187
11 Mar 2011 — Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Google Chrome en versiones anteriores a la 10.0.648.127 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. Relacionado con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=69187 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 15%CPEs: 157EXPL: 0CVE-2011-0057 – Mozilla use-after-free error using Web Workers (MFSA 2011-06)
https://notcve.org/view.php?id=CVE-2011-0057
02 Mar 2011 — Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. Vulnerabilidad de uso después de liberación en la implementación de Web Workers para Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, y SeaMonkey antes de v2.0.12, permite a atacantes remotos ejecutar código arbitrario a través de vec... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 21%CPEs: 20EXPL: 0CVE-2011-0062 – Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
https://notcve.org/view.php?id=CVE-2011-0062
02 Mar 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador de Mozilla Firefox 3.6.x anteriores a la versión 3.6.14 y Thunderbird 3.1.x anteriores a 3.1.8. Permiten a atacantes remotos provocar una denegación de servicio... • http://downloads.avaya.com/css/P8/documents/100133195 •
CVSS: 10.0EPSS: 20%CPEs: 157EXPL: 0CVE-2011-0056 – Mozilla Buffer overflow in JavaScript atom map (MFSA 2011-05)
https://notcve.org/view.php?id=CVE-2011-0056
02 Mar 2011 — Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue. Vulnerabilidad de desbordamiento de buffer en el motor Javascript de Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, y SeaMonkey antes de v2.0.12, podría permitir a atacantes remotos ejecutar código de su elección a ... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 157EXPL: 0CVE-2011-0059 – Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)
https://notcve.org/view.php?id=CVE-2011-0059
02 Mar 2011 — Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Mozilla Firefox en versiones anteriores a la 3.5.17 y 3.6.x anteriores a la 3.6.14 y SeaMonkey anteriores a 2.0.12. Permite ... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-352: Cross-Site Request Forgery (CSRF) •