CVSS: 10.0EPSS: 95%CPEs: 265EXPL: 3CVE-2011-2371 – Mozilla Firefox - 'Array.reduceRight()' Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2371
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. Desbordamiento de enteros en el método Array.reduceRight en Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14 permite a atacantes remotos ejecutar código arbitrario a través de vectores que implican un objeto array muy largo en javascript. • https://www.exploit-db.com/exploits/17976 https://www.exploit-db.com/exploits/18531 https://www.exploit-db.com/exploits/17974 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://securityreason.com/securityalert/8472 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 h • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 39%CPEs: 206EXPL: 0CVE-2011-2374 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2374
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-19.html h •
CVSS: 10.0EPSS: 39%CPEs: 207EXPL: 0CVE-2011-2375 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2375
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de la v5.0 y de Thunderbird hasta la v3.1.11, que permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-19.html http://www.redhat.com/support/errata/RHSA-2011-0885.html http://www.redhat.com/support/errata/RHSA-2011-0886.html http://www.redhat.com/support/errata/RHSA-2011-0887.html http://www.redhat.com/support/errata/RHSA-2011-0888.html https://bugzilla& •
CVSS: 10.0EPSS: 40%CPEs: 99EXPL: 0CVE-2011-2365 – Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)
https://notcve.org/view.php?id=CVE-2011-2365
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.6.x antes de v3.6.18 y Thunderbird antes de v3.1.11 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2011-2364. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-19.html h •
CVSS: 7.6EPSS: 10%CPEs: 265EXPL: 0CVE-2011-2373 – Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20)
https://notcve.org/view.php?id=CVE-2011-2373
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. Vulnerabilidad use-after-free en Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, cuando JavaScript está deshabilitado, permite a atacantes remotos ejecutar código de su elección a través de un documento XUL manipulado. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-20.html h • CWE-399: Resource Management Errors CWE-416: Use After Free •