CVSS: 9.3EPSS: 93%CPEs: 112EXPL: 11CVE-2009-1392 – Firefox browser engine crashes
https://notcve.org/view.php?id=CVE-2009-1392
12 Jun 2009 — The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNext... • http://osvdb.org/55144 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 7%CPEs: 9EXPL: 1CVE-2009-2043 – Mozilla Firefox 3.0.10 - 'nsViewManager.cpp' Denial of Service
https://notcve.org/view.php?id=CVE-2009-2043
12 Jun 2009 — nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. nsViewManager.cpp en Mozilla Firefox desde v3.0.2 hasta v3.0.10 permite a atacantes remotos producir una denegación de servicio (desreferencia a un puntero NULL y caída de aplicación) a través de vectores relacionados con la interacción con TinyMCE. • https://www.exploit-db.com/exploits/33042 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 17%CPEs: 202EXPL: 2CVE-2009-1832 – Firefox double frame construction flaw
https://notcve.org/view.php?id=CVE-2009-1832
12 Jun 2009 — Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar co... • http://osvdb.org/55148 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 36%CPEs: 202EXPL: 4CVE-2009-1833 – Firefox JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1833
12 Jun 2009 — The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. El motor JavaScript en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a ata... • http://osvdb.org/55152 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 132EXPL: 2CVE-2009-1835 – file: resources
https://notcve.org/view.php?id=CVE-2009-1835
12 Jun 2009 — Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. Mozilla Firefox anteriores a v3.0.11 y SeaMonkey anteriores a v1.1.17 asocian documentos locales con un dominio de nombres externo localizado después de la subcadena "file://" en una UR... • http://osvdb.org/55161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 9%CPEs: 1EXPL: 4CVE-2009-1827 – Mozilla Firefox - unclamped loop Denial of Service
https://notcve.org/view.php?id=CVE-2009-1827
29 May 2009 — The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop." El componente SVG en Mozilla Firefox v3.0.4 permite a atacantes remotos provocar una denegación de servicio (cuelgue de aplicación) a través de un valor largo en el r (también conocido como Radius) atributo de un elemnto "circle", relacionado con un "bucle sin fijado" • https://www.exploit-db.com/exploits/8794 • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 8%CPEs: 1EXPL: 4CVE-2009-1828 – Mozilla Firefox 3.0.10 - 'KEYGEN' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-1828
29 May 2009 — Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected. Mozilla Firefox v3.0.10 permite a atacantes remotos provocar una denegación de servicio (bucle infinito, cuelgue de aplicación y consumo de memoria) a tra... • https://www.exploit-db.com/exploits/8822 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 93%CPEs: 1EXPL: 1CVE-2009-1313 – Mozilla Firefox 3.0.9 - 'nsTextFrame::ClearTextRun()' Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2009-1313
30 Apr 2009 — The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. La función nsTextFrame::ClearTextRun en layout/generic/nsTextFrameThebes.cpp en Mozilla Firefox v3.0.9 permite a atacantes remotos provocar una denegación de servicio (corrupción de me... • https://www.exploit-db.com/exploits/32961 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 5%CPEs: 198EXPL: 0CVE-2009-1303 – Firefox 2 and 3 Layout engine crash
https://notcve.org/view.php?id=CVE-2009-1303
22 Apr 2009 — The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. El navegador del motor en Mozilla Firefox versiones anteriores a v3.0.9, Thunderbird versiones anteriores a v2.0.0.22, y SeaMonkey versiones anteriores a v1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-16: Configuration •
CVSS: 4.3EPSS: 0%CPEs: 132EXPL: 1CVE-2009-1311 – Firefox POST data sent to wrong site when saving web page with embedded frame
https://notcve.org/view.php?id=CVE-2009-1311
22 Apr 2009 — Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. Mozilla Firefox anteriores a v3.0.9 y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos con la intervención del usuario obtener información sensible al utilizar una página web con un "frame" embebido, provoca... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •