CVE-2010-0182 – mozilla: XMLDocument:: load() doesn't check nsIContentPolicy (MFSA 2010-24)
https://notcve.org/view.php?id=CVE-2010-0182
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended access restrictions via crafted content. La función XMLDocument::load en Mozilla Firefox anteriores a v3.5.9 y v3.6.x anteriores a v3.6.2, Thunderbird anteriores a v3.0.4, y SeaMonkey anteriores a v2.0.4 no realiza las comprobaciones de los controles de nsIContentPolicy durante la carga de contenidos de documentos XML, lo que permite a atacantes evitar las restricciones de acceso a través de contenido manipulado. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39397 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-921-1 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-24.html http://www.redhat.com/support/errata/RHSA-2010-0500.html http://www.redhat.com/support/errata/RHSA-2010-0501.html http://www.securityfocus.com/bid/39479 ht • CWE-20: Improper Input Validation •
CVE-2010-0176 – Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0176
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability." Mozilla Firefox v3.0.19, v3.5.x antes de v3.5.9, y v3.6.x antes de v3.6.2; Thunderbird antes de v3.0.4, y SeaMonkey antes de v2.0.4 no gestionan adecuadamente la cuenta de referencias a elementos de opción en un árbol XUL optgroup , lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores no especificados que desencadenan el acceso a los elementos eliminados, relacionados con una vulnerabilidad de puntero colgado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within the way that Mozilla's Firefox parses .XUL files. While appending a particular tag to a treechildren container, the application will create more than one reference to a particular element without increasing its reference count. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/38566 http://secunia.com/advisories/39117 http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39240 http: • CWE-399: Resource Management Errors •
CVE-2010-0175 – Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0175
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items. Vulnerabilidad de uso después de la liberación (Use after free)en la implementación nsTreeSelection en Mozilla Firefox anteriores a v3.0.19 y v3.5.x anteriores a v3.5.9, Thunderbird anteriores a v3.0.4, y SeaMonkey anteriores a v2.0.4, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de vectores no específicos que pueden provocar una llamada a ciertos gestores de de eventos. This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Mozilla's Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within how the application handles particular events for an nsTreeSelection element. Upon execution of a "select" event the application will access an element without checking to see if it's been previously freed or not. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/38566 http://secunia.com/advisories/39117 http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39240 http: • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2010-0169 – firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)
https://notcve.org/view.php?id=CVE-2010-0169
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. La función CSSLoaderImpl::DoSheetComplete en layout/style/nsCSSLoader.cpp en Mozilla Firefox v3.0.x anterior a v3.0.18, v3.5.x anterior a v3.5.8, y v3.6.x anterior a v3.6.2; Thunderbird anterior a v3.0.2; y SeaMonkey anterior a v2.0.3 cambia la caja de ciertas cadenas en la hoja de estilos antes de añadirla a la cache XUL, lo que permite a atacantes remotos modificar las fuentes del navegador y otros atributos CSS, y potencialmente interrumpir el renderizado de una pagina web, forzando al navegador a cachear la hoja de estilos incorrecta. • http://www.mozilla.org/security/announce/2010/mfsa2010-14.html http://www.securityfocus.com/bid/38918 http://www.vupen.com/english/advisories/2010/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=535806 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8431 https://access.redhat.com/security/cve/CVE-2010-0169 https://bugzilla.redhat.com/show_bug.cgi?id=576694 •
CVE-2010-0167 – Mozilla Firefox/Thunderbird/SeaMonkey - Multiple Memory Corruption Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-0167
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, y v3.6.x anterior a v3.6.2; Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a la v2.0.3 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) y posiblemente ejecutar código de su elección a través de vectores relativos a (1) layout/generic/nsBlockFrame.cpp y (2) la función _evaluate en modules/plugin/base/src/nsNPAPIPlugin.cpp. Mozilla Firefox / Thunderbird / Seamonkey all suffer from multiple memory corruption vulnerabilities. • https://www.exploit-db.com/exploits/33801 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-11.html http://www.securityfocus.com/bid/38918 http://www.securityfocus.com/bid/38944 http://www.vupen.com/english/advisories/2010/0692 https://bugzilla.mozilla.org/show_bug.cgi?id=534082 https://bugzilla.mozilla.org/show_bug.cgi?id=535641 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Ade • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •