CVSS: 10.0EPSS: 53%CPEs: 104EXPL: 0CVE-2009-3074 – Firefox 3.5 3.0.14 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-3074
10 Sep 2009 — Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor JavaScript de Mozilla Firefox en versiones anteriores a la v3.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través... • http://secunia.com/advisories/36670 •
CVSS: 9.3EPSS: 27%CPEs: 107EXPL: 0CVE-2009-3077 – Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3077
10 Sep 2009 — Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." Mozilla Firefox en versiones anteriores a la v3.0.14 y las versiones v3.5.x anteriores a v3.5.3, no gestiona apropiadamente los punteros para las columnas (también conocido como "TreeColumns") de un elemento de árbol XUL, lo que permi... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 60EXPL: 2CVE-2009-3014
https://notcve.org/view.php?id=CVE-2009-3014
31 Aug 2009 — Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header. Mozilla Firefox v3.0.13 y anteriores, v3.5, v3.6 a1 pre, y v3.7 a1... • http://websecurity.com.ua/3373 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 20EXPL: 2CVE-2009-3012
https://notcve.org/view.php?id=CVE-2009-3012
31 Aug 2009 — Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP si... • http://websecurity.com.ua/3323 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 2CVE-2009-3010
https://notcve.org/view.php?id=CVE-2009-3010
31 Aug 2009 — Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. NOTE: in some product v... • http://websecurity.com.ua/3315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3007
https://notcve.org/view.php?id=CVE-2009-3007
28 Aug 2009 — Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. Mozilla Firefox v3.5.1, SeaMonkey v1.1.17 y Flock v2.5.1 permiten falsificar a atacantes remotos dependiendo del contexto la barra de direcciones a través de un window.open con una URI relativa, que muestra un... • http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2009-2975
https://notcve.org/view.php?id=CVE-2009-2975
27 Aug 2009 — Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol. Mozilla Firefox v3.5.2 ... • http://archives.neohapsis.com/archives/bugtraq/2009-08/0234.html •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2009-2953 – Mozilla Firefox 3.0.5 - location.hash Remote Crash
https://notcve.org/view.php?id=CVE-2009-2953
24 Aug 2009 — Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. Mozilla FireFox v3.0.6 a la v3.0.13, y v3.5.x, permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) a través de código JavaScript con un valor largo de cadena para la propiedad "hash" (también conocida como location.hash). Cuestión relacionad... • https://www.exploit-db.com/exploits/7554 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 103EXPL: 0CVE-2009-2470 – Mozilla data corruption with SOCKS5 reply
https://notcve.org/view.php?id=CVE-2009-2470
04 Aug 2009 — Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. Mozilla Firefox en versiones anteriores a la 3.0.12 y 3.5.x en versiones anteriores a la 3.5.2 permite a servidores proxy SOCKS5 remotos provocar una denegación de servicio (corrupción del flujo de datos) mediante un nombre de dominio largo en una respuesta. • http://secunia.com/advisories/36126 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0CVE-2009-2665
https://notcve.org/view.php?id=CVE-2009-2665
04 Aug 2009 — The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper. La función nsDocument::SetScriptGlobalObject en content/base/src/nsDocument.cpp en Mozilla Firefox v3.5.x anterior a v3.5.2, cuando ciertos add-ons están activad... • http://secunia.com/advisories/36126 • CWE-94: Improper Control of Generation of Code ('Code Injection') •