
CVE-2009-2662
https://notcve.org/view.php?id=CVE-2009-2662
04 Aug 2009 — The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors. The search engine in Mozilla Firefox before v3.0.13, and v3.5.x before v3.5.2, allows remote attackers to cause a denial of service (memory consumption and application crash) or probably ... • http://secunia.com/advisories/36126 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2009-2664
https://notcve.org/view.php?id=CVE-2009-2664
04 Aug 2009 — The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine of Mozilla Firefox before v3.0.13, and v3.5.x before v3.5.2, allows... • http://secunia.com/advisories/36126 • CWE-399: Resource Management Errors

CVE-2009-2663 – libvorbis: Improper codec headers processing (DoS, ACE)
https://notcve.org/view.php?id=CVE-2009-2663
04 Aug 2009 — libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. libvorbis before r16182, as used in Mozilla Firefox before v3.0.13 and v3.5.x before v3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-399: Resource Management Errors

CVE-2009-2654 – Mozilla Firefox 3.5.1 - Error Page Address Bar URI Spoofing
https://notcve.org/view.php?id=CVE-2009-2654
03 Aug 2009 — Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. Mozilla Firefox before version 3.0.13, and 3.5.x versions before 3.5.2, allows remote attackers to spoof the address bar and possibly ... • https://www.exploit-db.com/exploits/33103 • CWE-20: Improper Input Validation

CVE-2009-2408 – firefox/nss: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2009-2408
30 Jul 2009 — Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox before v3.5 and NSS before v... • http://isc.sans.org/diary.html?storyid=7003 • CWE-295: Improper Certificate Validation

CVE-2009-2471 – Mozilla setTimeout loses XPCNativeWrappers
https://notcve.org/view.php?id=CVE-2009-2471
22 Jul 2009 — The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted call. Related to XPCNativeWr... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

CVE-2009-2467 – Mozilla remote code execution during Flash player unloading
https://notcve.org/view.php?id=CVE-2009-2467
22 Jul 2009 — Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. Mozilla Firefox before v3.0.12 and v3.5 before v3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly the execution of arbitrary code via... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html

CVE-2009-2463 – Mozilla Base64 decoding crash
https://notcve.org/view.php?id=CVE-2009-2463
22 Jul 2009 — Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. Integer overflow in a base64 decoding function in Mozilla Firefox before v3.0.12 and Thunderbird allow... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-189: Numeric Errors

CVE-2009-2469 – Mozilla remote code execution using watch and __defineSetter__ on SVG element
https://notcve.org/view.php?id=CVE-2009-2469
22 Jul 2009 — Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. Mozilla Firefox before v3.0.12 does not properly handle an SVG element that has a property with a "watch" function and a "__defineSetter__" function... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors

CVE-2009-2465 – Mozilla double frame construction crashes
https://notcve.org/view.php?id=CVE-2009-2465
22 Jul 2009 — Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. Mozilla Firefox before v3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) or execute... • http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html • CWE-399: Resource Management Errors