CVSS: 8.8EPSS: 13%CPEs: 2EXPL: 1CVE-2010-0168 – Mozilla Firefox 3.6 - Image Preloading Content-Policy Check Security Bypass
https://notcve.org/view.php?id=CVE-2010-0168
25 Mar 2010 — The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that ... • https://www.exploit-db.com/exploits/33798 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 7%CPEs: 1EXPL: 0CVE-2010-0165
https://notcve.org/view.php?id=CVE-2010-0165
25 Mar 2010 — The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. La función TraceRecorder::traverseScopeChain en js/src/jstracer.cpp en Mozilla Firefox v3.6 anterior a v3.6.2 permite a atacantes remotos causar una denegación de servicio (co... • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2010-0170
https://notcve.org/view.php?id=CVE-2010-0170
25 Mar 2010 — Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. Mozilla Firefox v3.6 anterior a v3.6.2 no ofrece a las extensiones el mecanismo de protección window.location, lo que permite a atacantes remotos evitar la política de "Same Origin" y dirigir ataques de secuencias de comandos en sitios... • http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 85EXPL: 0CVE-2010-0171 – firefox/thunderbird/seamonkey: XSS using addEventListener and setTimeout on a wrapped object (MFSA 2010-12)
https://notcve.org/view.php?id=CVE-2010-0171
25 Mar 2010 — Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. Mozilla Firefox v3.0.x anterior a v3.0.18, v3.5.x anterior a v3.5.8 y v3.6.x anter... • http://www.mozilla.org/security/announce/2010/mfsa2010-12.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 89%CPEs: 8EXPL: 0CVE-2010-1028 – Mozilla Firefox WOFF Font Format dirEntry Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1028
19 Mar 2010 — Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. Un desbordamiento de enteros en la funcionalidad de descompresión en el decodificador Web Open Fonts Format (WOFF) en Firefox de Mozilla versiones 3.6 anteriores a 3.6.2 y versiones 3.7 anteri... • http://blog.mozilla.com/security/2010/02/22/secunia-advisory-sa38608 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 4%CPEs: 9EXPL: 0CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
21 Feb 2010 — The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html •
CVSS: 10.0EPSS: 10%CPEs: 67EXPL: 0CVE-2009-1571 – Mozilla incorrectly frees used memory (MFSA 2010-03)
https://notcve.org/view.php?id=CVE-2009-1571
21 Feb 2010 — Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. Vulnerabilidad de uso después de la liberación en el parser HTML en Mozilla Firefox v3.0.x anteriores a v3.0.18 y v3.5.x anterior a v3.5.8, Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a v2.0.3, p... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 21%CPEs: 68EXPL: 0CVE-2010-0160 – Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0160
21 Feb 2010 — The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. La funcionalidad Web Worker en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, y SeaMonkey anteriores a la v2.0.3, no manejan de forma a... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 67EXPL: 0CVE-2010-0162 – Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)
https://notcve.org/view.php?id=CVE-2010-0162
21 Feb 2010 — Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. Mozilla Firefox v3.0.x anteriores v3.0.18 y v3.5.x anteriores v3.5.8, y SeaMonkey before v2.0.3,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 1%CPEs: 33EXPL: 0CVE-2009-3988 – Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2009-3988
19 Feb 2010 — Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. Mozilla Firefox v3.0.x anterior a la v3.0.18 y v3.5.x anterior a la v3.5.8, y SeaMonkey anterior a la v2.0.3, no restringen de forma adecuada el acceso a las propiedades del objeto en showModalDialo... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html • CWE-264: Permissions, Privileges, and Access Controls •