
CVSS: 5.3 | EPSS: 3% | CPEs: 21 | EXPL: 0

29 Oct 2009 — Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 •

CVSS: 10.0 | EPSS: 41% | CPEs: 14 | EXPL: 1

29 Oct 2009 — layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. • https://www.exploit-db.com/exploits/33314 •

CVSS: 10.0 | EPSS: 33% | CPEs: 3 | EXPL: 0

29 Oct 2009 — Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. • http://secunia.com/advisories/37306 •

CVSS: 10.0 | EPSS: 22% | CPEs: 4 | EXPL: 0

29 Oct 2009 — Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042716.html •

CVSS: 9.3 | EPSS: 8% | CPEs: 3 | EXPL: 0

29 Oct 2009 — The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 •

CVSS: 8.8 | EPSS: 1% | CPEs: 17 | EXPL: 0

29 Oct 2009 — The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects." • http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 10.0 | EPSS: 61% | CPEs: 56 | EXPL: 1

29 Oct 2009 — Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. • https://www.exploit-db.com/exploits/33313 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-122: Heap-based Buffer Overflow •

CVSS: 9.3 | EPSS: 1% | CPEs: 52 | EXPL: 0

29 Oct 2009 — Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-16: Configuration •

CVSS: 9.8 | EPSS: 8% | CPEs: 52 | EXPL: 0

29 Oct 2009 — Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 •

CVSS: 9.8 | EPSS: 0% | CPEs: 42 | EXPL: 0

21 Sep 2009 — Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. • http://jbrownsec.blogspot.com/2009/09/vamos-updates.html •