CVSS: 8.4EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3181
https://notcve.org/view.php?id=CVE-2010-3181
21 Oct 2010 — Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a 3.1.5, y SeaMonkey anterior a v2.0.9 en Windows permite a usuarios loca... • http://www.mozilla.org/security/announce/2010/mfsa2010-71.html •
CVSS: 9.8EPSS: 6%CPEs: 14EXPL: 0CVE-2010-3175 – Mozilla miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-3175
21 Oct 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox v3.6.x anterior a v3.6.11 y Thunderbird v3.1.x anterior a v3.1.5, permiten a atacantes remotos provocar una denegación de servicio (corrupción d... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 9.8EPSS: 78%CPEs: 221EXPL: 1CVE-2010-3179 – Mozilla Firefox SeaMonkey 3.6.10 / Thunderbird 3.1.4 - 'document.write' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3179
21 Oct 2010 — Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. Un desbordamiento de búfer basado en pila en la funcionalidad text-rendering en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11,... • https://www.exploit-db.com/exploits/34881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 64%CPEs: 221EXPL: 0CVE-2010-3183 – Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3183
19 Oct 2010 — The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. La función LookupGetterOrSetter... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 2%CPEs: 7EXPL: 3CVE-2010-3171 – Mozilla Firefox 3.6.8 - 'Math.random()' Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2010-3171
15 Sep 2010 — The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.... • https://www.exploit-db.com/exploits/34621 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 0%CPEs: 57EXPL: 0CVE-2010-3400
https://notcve.org/view.php?id=CVE-2010-3400
15 Sep 2010 — The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. La función js_InitRandom en la implementación JavaScript de Mozilla Firefox v3.5.x anterior a v3.5.10 y v3.6.x anterior a v3.6.4, y SeaMonkey anterior a v2.0.... • https://bugzilla.mozilla.org/show_bug.cgi?id=475585 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 1%CPEs: 7EXPL: 1CVE-2010-3399
https://notcve.org/view.php?id=CVE-2010-3399
15 Sep 2010 — The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. La función js_InitRandom en la implementación JavaScript de Mozilla Firefox v3.5.10 hasta v3.5.11, v3.6.4 hasta v3.6.8 y v4.0 Bet... • http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 212EXPL: 0CVE-2010-2768 – Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
https://notcve.org/view.php?id=CVE-2010-2768
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 no restringe adecuada... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 35%CPEs: 212EXPL: 0CVE-2010-3166 – nsTextFrameUtils:: TransformText (MFSA 2010-53)
https://notcve.org/view.php?id=CVE-2010-3166
09 Sep 2010 — Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. Desbordamiento de búfer basado en memoria dinámica en la función nsTextFrameUtils::TransformText en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2010-2763
https://notcve.org/view.php?id=CVE-2010-2763
09 Sep 2010 — The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. La clase XPCSafeJSObjectWrapper en la implementación SafeJSObjectWrapper (también conocido como SJOW) en Mozilla Firefox anterior a v3.5.12, Thunderbird anter... • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •