CVSS: 6.1EPSS: 2%CPEs: 78EXPL: 1CVE-2010-0648
https://notcve.org/view.php?id=CVE-2010-0648
18 Feb 2010 — Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, related to an IFRAME element. Mozilla Firefox, probablemente anterior v3.6, permite a atacantes remotos descubrir una redirección de URL, para la sesión de un usuario específico de un sitio web, por sustición de la URL ... • http://code.google.com/p/chromium/issues/detail?id=32309 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 71EXPL: 1CVE-2010-0654 – firefox: cross-domain information disclosure
https://notcve.org/view.php?id=CVE-2010-0654
18 Feb 2010 — Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Mozilla Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0... • http://code.google.com/p/chromium/issues/detail?id=9877 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 2%CPEs: 72EXPL: 2CVE-2010-0220
https://notcve.org/view.php?id=CVE-2010-0220
07 Jan 2010 — The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. La función nsObserverList::FillObserverArray en xpcom/ds/nsObserverList.cpp en Mozilla Firefox anterior a v3.5.7 permite a atacantes remotos provo... • http://hg.mozilla.org/mozilla-central/rev/51396f6c9f20 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 156EXPL: 0CVE-2009-3986 – Mozilla Chrome privilege escalation via window.opener
https://notcve.org/view.php?id=CVE-2009-3986
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos ejecutar código JavaScript arbitrario con privilegios al aprovechar una referencia a una ventana de chrome desd... • http://secunia.com/advisories/37699 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 1%CPEs: 156EXPL: 0CVE-2009-3985 – Mozilla URL spoofing via invalid document.location
https://notcve.org/view.php?id=CVE-2009-3985
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos asociar contenido falsificado con una URL inválida estableciendo el ... • http://secunia.com/advisories/37699 •
CVSS: 6.8EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3984 – Mozilla SSL spoofing with document.location and empty SSL response page
https://notcve.org/view.php?id=CVE-2009-3984
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos suplantar un indicador de SSL para una URL o fichero HTTP URL estableciendo... • http://secunia.com/advisories/37699 •
CVSS: 9.3EPSS: 1%CPEs: 51EXPL: 0CVE-2009-3388
https://notcve.org/view.php?id=CVE-2009-3388
17 Dec 2009 — liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." liboggplay en Mozilla Firefox v3.5.x antes de v3.5.6 y SeaMonkey antes de v2.0.1 podría permitir a atacantes dependientes de contexto causar una denegación de servicio (por caída de la aplicación) o ejecutar código arbitrario a través de vectores no especificad... • http://secunia.com/advisories/37699 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 52EXPL: 0CVE-2009-3980
https://notcve.org/view.php?id=CVE-2009-3980
17 Dec 2009 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x antes de v3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permiten a atacantes remotos provocar una denegación de servicio (por c... • http://secunia.com/advisories/37699 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3983 – Mozilla NTLM reflection vulnerability
https://notcve.org/view.php?id=CVE-2009-3983
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite enviar solicitudes autenticadas a aplicaciones arbitrarias a atacantes remotos respondiendo a las credenciales NTLM de un usuario del navegador. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 7.8EPSS: 0%CPEs: 156EXPL: 0CVE-2009-3987
https://notcve.org/view.php?id=CVE-2009-3987
17 Dec 2009 — The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. La función GeckoActiveXObject en Mozilla Firefox antes de v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonk... • http://secunia.com/advisories/37699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •