CVSS: 10.0EPSS: 4%CPEs: 132EXPL: 0CVE-2011-2989
https://notcve.org/view.php?id=CVE-2011-2989
18 Aug 2011 — The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. El motor del navegador en Firefox versiones 4.x hasta 5, SeaMonkey versiones 2.x anteriores a 2.3, Thunderbird anterior a versión 6, y posiblemente otros productos de Mozilla, no implemen... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0CVE-2011-2990
https://notcve.org/view.php?id=CVE-2011-2990
18 Aug 2011 — The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. La implementación de los informes de violación de la Política de Seguridad de Contenido (CSP) en Mozilla Firefox versiones 4... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 4%CPEs: 132EXPL: 0CVE-2011-2991
https://notcve.org/view.php?id=CVE-2011-2991
18 Aug 2011 — The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. El motor del navegador en Firefox versiones 4.x hasta 5, SeaMonkey versiones 2.x anteriores a 2.3, Thunderbird anteriores a versión 6, de Mozilla, y posiblemente otros productos, no ... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 4%CPEs: 119EXPL: 0CVE-2011-2992
https://notcve.org/view.php?id=CVE-2011-2992
18 Aug 2011 — The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. El lector Ogg en el motor del navegador en Firefox versiones 4.x hasta 5, SeaMonkey versiones 2.x anteriores a 2.3, Thunderbird anterior a versión 6, de Mozilla, y posiblemente otros productos, permiten a los a... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 37EXPL: 0CVE-2011-2993
https://notcve.org/view.php?id=CVE-2011-2993
18 Aug 2011 — The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via a crafted web site, a different vulnerability than CVE-2008-2801. La implementación de firmas digitales para archivos JAR en Firefox versiones 4.x hasta 5, SeaMonkey versiones 2.x anteriores a 2.3, de Mozilla, y p... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 5%CPEs: 174EXPL: 0CVE-2011-0084 – Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0084
17 Aug 2011 — The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." La función SVGTextElement.getCharNumAtPosition en Firefox anterior a versión 3.6.20, y versiones 4.x hasta 5; Thunderbird versiones 3.x anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 3%CPEs: 208EXPL: 0CVE-2011-2378 – Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2378
17 Aug 2011 — The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." La función appendChild en Firefox anterior a versión 3.6.20, Thunderbird versiones 3.x anteriores a 3.1.12, SeaMonkey versiones 2.x, y posiblemente otros productos de Mozilla, no maneja apropiadamente objetos ... • http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 251EXPL: 0CVE-2011-2362 – Mozilla Cookie isolation error (MFSA 2011-24)
https://notcve.org/view.php?id=CVE-2011-2362
30 Jun 2011 — Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. Mozilla Firefox antes de la v3.6.18, Thunderbird antes de la v3.1.11, y SeaMonkey hasta la v2.0.14, no distinguen entre las cookies de dos nombres de dominio que difieran sólo en un punto final, lo que permite a los servidores Web remotos eludi... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 83%CPEs: 265EXPL: 3CVE-2011-2371 – Mozilla Firefox - 'Array.reduceRight()' Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2371
30 Jun 2011 — Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. Desbordamiento de enteros en el método Array.reduceRight en Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14 permite a atacantes remotos ejecutar código arbitrario a través de vectores que... • https://www.exploit-db.com/exploits/17976 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 265EXPL: 0CVE-2011-2373 – Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20)
https://notcve.org/view.php?id=CVE-2011-2373
30 Jun 2011 — Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. Vulnerabilidad use-after-free en Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, cuando JavaScript está deshabilitado, permite a atacantes remotos ejecutar código de su elección a través de un documen... • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html • CWE-399: Resource Management Errors CWE-416: Use After Free •