CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 1CVE-2010-1990
https://notcve.org/view.php?id=CVE-2010-1990
20 May 2010 — Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. Mozilla Firefox v3.6.x, v3.5.x, v3.0.19, anteriores y SeaMonkey, ejecuta una aplicación mail en situaciones dónde un elemento IFRAME tiene un mailto: URL en su atributo SRC, lo que permite a atacantes... • http://websecurity.com.ua/4206 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 10%CPEs: 2EXPL: 2CVE-2010-1988
https://notcve.org/view.php?id=CVE-2010-1988
20 May 2010 — Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. Mozilla Firefox v3.6.3 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (puntero nulo y caída de la aplicación ) o la posibilidad de ejecutar código a su elección a tr... • http://osvdb.org/64789 •
CVSS: 9.8EPSS: 2%CPEs: 238EXPL: 1CVE-2010-1585 – javascript: URLs in chrome documents (MFSA 2011-08)
https://notcve.org/view.php?id=CVE-2010-1585
28 Apr 2010 — The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 4%CPEs: 206EXPL: 0CVE-2010-0173
https://notcve.org/view.php?id=CVE-2010-0173
05 Apr 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.9 y v3.6.x antes de v3.6.2, en Thunderbird antes de v3.0.4, y SeaMonkey antes de v2.0.4 per... • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html •
CVSS: 9.8EPSS: 1%CPEs: 203EXPL: 0CVE-2010-0179 – Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy
https://notcve.org/view.php?id=CVE-2010-0179
05 Apr 2010 — Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. Mozilla Firefox anteriores a v3.0.19 y v3.5.x anteriores a v3.5.8, y SeaMonkey anteriores a v2.0.3, cuando se utiliza el modulo XMLHttpRequestSpy en el complemento Fireb... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 9%CPEs: 206EXPL: 0CVE-2010-0174 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-0174
05 Apr 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.0.19, también en v3.5.x antes de v3.5.9 y 3.6.x antes de v3.6.2; en Thu... • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html •
CVSS: 9.8EPSS: 3%CPEs: 144EXPL: 0CVE-2010-0178 – Firefox Chrome privilege escalation via forced URL drag and drop
https://notcve.org/view.php?id=CVE-2010-0178
05 Apr 2010 — Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. Mozilla Firefox anteriores a v3.0.19, 3.5.x anteriores a v3.5.9, y v3.6.x anteriores a v3.6.2, y SeaMonkey anteriores a v2.0.4, no impide que los applets interpreten los clicks del ... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 12%CPEs: 144EXPL: 0CVE-2010-0181
https://notcve.org/view.php?id=CVE-2010-0181
05 Apr 2010 — Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. Mozilla Firefox anteriores a v3.5.9 y v3.6.x anteriores a v3.6.2, y SeaMonkey anteriores a v2.0.4, ejecuta la aplicación de correo en situaciones donde un elemento IMG tiene un atr... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 206EXPL: 0CVE-2010-0182 – mozilla: XMLDocument:: load() doesn't check nsIContentPolicy (MFSA 2010-24)
https://notcve.org/view.php?id=CVE-2010-0182
05 Apr 2010 — The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. La función XMLDocument::load en Mozilla Firefox anteriores a v3.5.9 y v3.6.x anteriores a v3.6.2, Thunderbird anteriores a v3.0.4, y SeaMonkey anteriores a v2.0.4 no realiza las comprobacione... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 29%CPEs: 144EXPL: 0CVE-2010-0177 – Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0177
02 Apr 2010 — Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability." El objeto window.navigator.plugins en Mozilla Firefox anteriores a v3.0.19, 3.5.x anteriores a v3.5.9, y v3.6.x anterior... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-399: Resource Management Errors •