CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 0CVE-2010-1197 – Content-Disposition: attachment ignored if Content-Type: multipart also present
https://notcve.org/view.php?id=CVE-2010-1197
23 Jun 2010 — Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, y SeaMonkey anterior v2.0.5, no maneja adecuadamente situaciones en que "Content-Disposition: attachment" y ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 22%CPEs: 58EXPL: 0CVE-2010-1198 – Mozilla Freed object reuse across plugin instances
https://notcve.org/view.php?id=CVE-2010-1198
23 Jun 2010 — Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. Vulnerabilidad de uso después de la liberación (Use-after-free) en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, y SeaMonkey anterior v2.0.5, permite a atacantes remotos ejecutar código de su elección a través de vectores involucrados en múltiples instancias plugin. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 7%CPEs: 100EXPL: 0CVE-2010-1200 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1200
23 Jun 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 9.3EPSS: 9%CPEs: 97EXPL: 1CVE-2010-1201
https://notcve.org/view.php?id=CVE-2010-1201
23 Jun 2010 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 9.3EPSS: 53%CPEs: 100EXPL: 0CVE-2010-1202 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1202
23 Jun 2010 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidad no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey permite a... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 9.8EPSS: 11%CPEs: 3EXPL: 0CVE-2010-1203 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1203
23 Jun 2010 — The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. El motor de JavaScript en Firefox de Mozilla versiones 3.6.x anteriores a 3.6.4, permite a los atacantes remotos causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de vectores q... • http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html •
CVSS: 10.0EPSS: 76%CPEs: 100EXPL: 3CVE-2010-1199 – Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1199
23 Jun 2010 — Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Desbordamiento de enteros en la implementación del nodo de ordenación XSLT en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su ele... • https://www.exploit-db.com/exploits/34192 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 11EXPL: 1CVE-2010-2117
https://notcve.org/view.php?id=CVE-2010-2117
01 Jun 2010 — Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. Vulnerabilidad en Mozilla Firefox v3.0.19, v3.5.x, y v3.6.x permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs no válidas de tipo (1) news:/... • http://websecurity.com.ua/4238 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 2CVE-2010-1987
https://notcve.org/view.php?id=CVE-2010-1987
20 May 2010 — Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571. Mozilla Firefox v3.6.3 en Wi... • http://osvdb.org/64790 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 2CVE-2010-1986
https://notcve.org/view.php?id=CVE-2010-1986
20 May 2010 — Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571. Mozilla Firefox v3.6.3 en Windows XP SP3 permite a atacantes remotos causar una denegación del servicio (c... • http://www.exploit-db.com/exploits/12678 • CWE-399: Resource Management Errors •