
CVSS: 10.0 • EPSS: 8% • CPEs: 205 • EXPL: 0

02 Apr 2010 — Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html • CWE-399: Resource Management Errors • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 80% • CPEs: 206 • EXPL: 0

02 Apr 2010 — Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html • CWE-399: Resource Management Errors

CVSS: 8.1 • EPSS: 1% • CPEs: 78 • EXPL: 0

26 Mar 2010 — The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 • EPSS: 1% • CPEs: 6 • EXPL: 0

25 Mar 2010 — Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028. • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 19% • CPEs: 3 • EXPL: 0

25 Mar 2010 — Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010. • http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.3 • EPSS: 26% • CPEs: 85 • EXPL: 1

25 Mar 2010 — The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. • https://www.exploit-db.com/exploits/33801 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 • EPSS: 7% • CPEs: 1 • EXPL: 1

25 Mar 2010 — Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 • CWE-399: Resource Management Errors

CVSS: 5.0 • EPSS: 1% • CPEs: 85 • EXPL: 0

25 Mar 2010 — The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet ... • http://www.mozilla.org/security/announce/2010/mfsa2010-14.html

CVSS: 9.8 • EPSS: 8% • CPEs: 2 • EXPL: 1

25 Mar 2010 — The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. • https://www.exploit-db.com/exploits/33800 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Mar 2010 — toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spoof an authorization dialog and capture credentials by demanding HTTP authentication in opportunistic circumstances. • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070