CVSS: 10.0EPSS: 13%CPEs: 14EXPL: 1CVE-2010-2753 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2753
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. Un desbordamiento de enteros en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0.6 y versiones 3.1.x anteriores a 3.1.1, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a atacantes remotos ejecutar código arbitrario por medio de un atributo de selección grande en un elemento del árbol XUL, lo que desencadena un uso de la memoria previamente liberada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL <tree> element's "selection" attribute. There is an integer overflow when calculating the bounds of a new selection range. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://www.mozilla.org/security/announce/2010/mfsa2010-40.html http://www.securityfocus.com/archive/1/512510 http://www.securityfocus.com/bid/41853 http://www.zerodayinitiative.com/advisories/ZDI-10-131 https://bugzilla.mozilla.org/show_bug.cgi?id=571106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 https://access.redhat.com/security/cve/CVE-2010-2753 https://bugzilla • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVSS: 10.0EPSS: 79%CPEs: 72EXPL: 1CVE-2010-2752 – Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2752
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. Un desbordamiento de enteros en una clase de matriz en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0.6 y versiones 3.1.x anteriores a 3.1.1, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a los atacantes remotos ejecutar código arbitrario mediante la colocación de muchos valores de Cascading Style Sheets (CSS) en una matriz, relacionada con referencias a recursos de fuente externa y una inconsistencia entre enteros de 16 bits y 32 bits. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling of references to external font resources. A value is used as a 16 bit integer in an array allocation and later as 32 bit when iterating over and then populating these fields. • https://www.exploit-db.com/exploits/15104 http://www.mozilla.org/security/announce/2010/mfsa2010-39.html http://www.securityfocus.com/archive/1/512514 http://www.securityfocus.com/bid/41852 http://www.zerodayinitiative.com/advisories/ZDI-10-133 https://bugzilla.mozilla.org/show_bug.cgi?id=574059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680 https://access.redhat.com/security/cve/CVE-2010-2752 https://bugzilla.redhat.com/show_bug.cgi? • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 69%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 55%CPEs: 100EXPL: 0CVE-2010-1202 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1202
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidad no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de programa) o probablemente ejecutar código de su elección a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/ •
CVSS: 9.3EPSS: 13%CPEs: 100EXPL: 0CVE-2010-1196 – nsGenericDOMDataNode:: SetTextInternal
https://notcve.org/view.php?id=CVE-2010-1196
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función GenericDOMDataNode::SetTextInternal en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su elección a través de un nodo DOM con un valor de texto largo que provoca un desbordamiento de búfer basado en la memoria dinámica • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •