CVE-2011-2982 – Mozilla: Miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2011-2982
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador en Firefox anterior a versión 3.6.20, Thunderbird versiones 2.x y versiones 3.x anteriores a 3.1.12, SeaMonkey versiones 1.x y 2.x, y posiblemente otros productos de Mozilla, permiten a los atacantes remotos causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html http://www.debian.org/security/2011/dsa-2295 http://www.debian.org/security/2011/dsa-2296 http://www.debian.org/security/2011/dsa-2297 http://www.mandriva.com/security/advisories?name=MDVSA-2011:127 http://www.mozilla.org/security/announce/2011/mfsa2011-30.html http://www.redhat.com/support/errata/RHSA-2011-1164.html http://ww •
CVE-2011-2378 – Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2378
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." La función appendChild en Firefox anterior a versión 3.6.20, Thunderbird versiones 3.x anteriores a 3.1.12, SeaMonkey versiones 2.x, y posiblemente otros productos de Mozilla, no maneja apropiadamente objetos DOM, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que conlleva al desreferenciado de un "dangling pointer” This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw results when .setUserData() handlers are used with an object and .appendChild() is called within a handler. Ultimately the import operation resulting from an .appendChild() is not guarded from mutation, and invalid DOM trees can result. Invalid DOM trees can be navigated resulting in dereferencing invalid pointers which can be leveraged to execute arbitrary code in the context of the browser. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html http://www.debian.org/security/2011/dsa-2295 http://www.debian.org/security/2011/dsa-2296 http://www.debian.org/security/2011/dsa-2297 http://www.mandriva.com/security/advisories?name=MDVSA-2011:127 http://www.mozilla.org/security/announce/2011/mfsa2011-30.html http://www.redhat.com/support/errata/RHSA-2011-1164.html http://ww • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-0084 – Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0084
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." La función SVGTextElement.getCharNumAtPosition en Firefox anterior a versión 3.6.20, y versiones 4.x hasta 5; Thunderbird versiones 3.x anteriores a 3.1.12 y otras versiones anteriores a 6; SeaMonkey versiones 2.x anteriores a 2.3; y posiblemente otros productos de Mozilla, no maneja apropiadamente el texto SVG, lo que permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que conlleva a un "dangling pointer" This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG text containers. The code within nsSVGGlyphFrame::GetCharNumAtPosition() does not account for user defined getter methods modifying or destroying the parent object. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00027.html http://www.debian.org/security/2011/dsa-2295 http://www.debian.org/security/2011/dsa-2296 http://www.debian.org/security/2011/dsa-2297 http://www.mandriva.com/security/advisories?name=MDVSA-2011:127 http://www.mozilla.org/security/announce/2011/mfsa2011-29.html http://www.mozilla.org/security/announce/2011/mfsa2011-30.html http:/& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-2605 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2605
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. Inyección CRLF en la función nsCookieService::SetCookieStringInternal en netwerk/cookie/nsCookieService.cpp de Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1 y Thunderbird antes de v3.1.11, permite a atacantes remotos evitar las restricciones de acceso a través de una cadena que contiene un carácter \n (nueva línea) , que no se maneja en una expresion "document.cookie =" de JavaScript es una vulnerabilidad diferente a CVE-2011-2374. • http://www.mozilla.org/security/announce/2011/mfsa2011-19.html http://www.redhat.com/support/errata/RHSA-2011-0885.html http://www.redhat.com/support/errata/RHSA-2011-0886.html http://www.redhat.com/support/errata/RHSA-2011-0887.html http://www.redhat.com/support/errata/RHSA-2011-0888.html https://bugzilla.mozilla.org/show_bug.cgi?id=643051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14401 https://access.redhat.com/security/cve/CVE-2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-2366
https://notcve.org/view.php?id=CVE-2011-2366
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Mozilla Gecko usado en Firefox v5.0 y Thunderbird antes de v5.0, no bloquea el uso de una imagen como textura WebGL en dominios cruzados, lo que permite a atacantes remotos obtener copias aproximadas de imágenes arbitrarias mediante un ataque de temporizacion mediante la participación de un fragmento sombreado manipulado en WebGL. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html http://www.contextis.co.uk/resources/blog/webgl http://www.mozilla.org/security/announce/2011/mfsa2011-25.html https://bugzilla.mozilla.org/show_bug.cgi?id=655987 https://bugzilla.mozilla.org/show_bug.cgi?id=656277 https://bugzilla.mozilla.org/show_bug.cgi?id=659349 https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures https: • CWE-20: Improper Input Validation •