CVSS: 8.1EPSS: 0%CPEs: 271EXPL: 0CVE-2011-2983 – Mozilla: Private data leakage using RegExp.input
https://notcve.org/view.php?id=CVE-2011-2983
17 Aug 2011 — Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. Firefox anterior a versión 3.6.20, Thunderbird versiones 2.x y versiones 3.x anteriores a 3.1.12, SeaMonkey versiones 1.x y 2.x, y posiblemente otros productos de Mozilla, no m... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 251EXPL: 0CVE-2011-2362 – Mozilla Cookie isolation error (MFSA 2011-24)
https://notcve.org/view.php?id=CVE-2011-2362
22 Jun 2011 — Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. Mozilla Firefox antes de la v3.6.18, Thunderbird antes de la v3.1.11, y SeaMonkey hasta la v2.0.14, no distinguen entre las cookies de dos nombres de dominio que difieran sólo en un punto final, lo que permite a los servidores Web remotos eludi... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 84%CPEs: 265EXPL: 6CVE-2011-2371 – Mozilla Firefox - 'Array.reduceRight()' Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2371
22 Jun 2011 — Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. Desbordamiento de enteros en el método Array.reduceRight en Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14 permite a atacantes remotos ejecutar código arbitrario a través de vectores que... • https://packetstorm.news/files/id/110247 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 265EXPL: 0CVE-2011-2373 – Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20)
https://notcve.org/view.php?id=CVE-2011-2373
22 Jun 2011 — Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. Vulnerabilidad use-after-free en Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, cuando JavaScript está deshabilitado, permite a atacantes remotos ejecutar código de su elección a través de un documen... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 4%CPEs: 265EXPL: 0CVE-2011-2377 – Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21)
https://notcve.org/view.php?id=CVE-2011-2377
22 Jun 2011 — Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente e... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 2%CPEs: 251EXPL: 0CVE-2011-0085 – Mozilla Firefox nsXULCommandDispatcher Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0085
21 Jun 2011 — Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. Vulnerabilidad use-after-free en la función nsXULCommandDispatcher en Mozilla Firefox antes de v3.6.18, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14 permite a atacantes remotos ejecutar código de su elección mediante un doc... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 251EXPL: 0CVE-2011-2363 – Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2363
21 Jun 2011 — Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. Vulnerabilidad de uso después de la liberación en la función nsSVGPointList::AppendElement en la implementación de listas de elementos SVG en Mozill... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 2%CPEs: 251EXPL: 0CVE-2011-0083 – Mozilla Firefox SVGPathSegList.replaceItem Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0083
21 Jun 2011 — Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. Vulnerabilidad de uso después de liberación (use-after-free) en la función nsSVGPathSegList::ReplaceItem de la implementación del elemento listas SV... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 1%CPEs: 163EXPL: 0CVE-2011-0080 – Mozilla memory safety issue (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0080
30 Apr 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Multiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v.3.1.10 y SeaMon... • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird •
CVSS: 10.0EPSS: 83%CPEs: 164EXPL: 7CVE-2011-0065 – Mozilla Firefox OBJECT mChannel Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0065
30 Apr 2011 — Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. Vulnerabilidad de uso después de la liberación (Use-after-free) en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, permite a atacantes remotos ejecutar código arbitrario mediante OBJECT's mChannel. This vulnerability allows remote attackers to execute arbi... • https://packetstorm.news/files/id/129259 • CWE-399: Resource Management Errors CWE-416: Use After Free •