Page 195 of 1131 results (0.070 seconds)

CVSS: 9.3EPSS: 7%CPEs: 149EXPL: 0

CVE-2010-3176 – Mozilla miscellaneous memory safety hazards

https://notcve.org/view.php?id=CVE-2010-3176

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http:&# •

CVSS: 9.3EPSS: 16%CPEs: 221EXPL: 0

CVE-2010-3180 – Mozilla use-after-free error in nsBarProp

https://notcve.org/view.php?id=CVE-2010-3180

Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. Vulnerabilidad de uso después de liberación (Use-after-free) en la función nsBarProp en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 permite a atacantes remotos ejecutar código de su elección accediendo a la propiedad "locationbar" una ventana cerrada. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http:&# • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 9.3EPSS: 84%CPEs: 221EXPL: 1

CVE-2010-3179 – Mozilla Firefox SeaMonkey 3.6.10 / Thunderbird 3.1.4 - 'document.write' Memory Corruption

https://notcve.org/view.php?id=CVE-2010-3179

Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. Un desbordamiento de búfer basado en pila en la funcionalidad text-rendering en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de argumentos largos en el método document.write. • https://www.exploit-db.com/exploits/34881 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 221EXPL: 0

CVE-2010-3182 – Mozilla unsafe library loading flaw

https://notcve.org/view.php?id=CVE-2010-3182

A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Una secuencia de comandos de ciertas aplicaciones que ejecutan Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y 3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 en Linux coloca un nombre de directorio de longitud cero en LD_LIBRARY_PATH, que permite a usuarios locales conseguir privilegios a través de una biblioteca compartida (caballo de Troya) en el directorio de trabajo actual. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-20 •

CVSS: 5.8EPSS: 0%CPEs: 221EXPL: 0

CVE-2010-3178 – Mozilla cross-site information disclosure via modal calls

https://notcve.org/view.php?id=CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 no manejan adecuadamente algunas llamadas modales hechas por javascript: en circunstancias relacionadas con la apertura de URLs en nuevas ventanas y navegación entre dominios, permite a atacantes remotos evitar la "Same Origin Policy" mediante un documento HTML manipulado. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-2010:2 • CWE-264: Permissions, Privileges, and Access Controls •