Page 361 of 2167 results (0.036 seconds)

CVSS: 10.0EPSS: 96%CPEs: 164EXPL: 4

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel. Vulnerabilidad de uso después de la liberación (Use-after-free) en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, permite a atacantes remotos ejecutar código arbitrario mediante OBJECT's mChannel. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the OnChannelRedirect method. When an OBJECT element has no mChannel assigned, it is possible to call the |OnChannelRedirect| method, setting a nearly arbitrary object as the channel in use. • https://www.exploit-db.com/exploits/18377 https://www.exploit-db.com/exploits/17672 https://www.exploit-db.com/exploits/17650 https://www.exploit-db.com/exploits/17612 http://downloads.avaya.com/css/P8/documents/100144158 http://securityreason.com/securityalert/8326 http://securityreason.com/securityalert/8331 http://securityreason.com/securityalert/8340 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security • CWE-399: Resource Management Errors CWE-416: Use After Free •

CVSS: 5.1EPSS: 1%CPEs: 251EXPL: 1

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. Vulnerabilidad de salto de directorio en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10, y SeaMonkey anterior a v2.0.14 en Windows permite a atacantes remotos determinar la existencia de ficheros arbitrarios, y posiblemente cargar recursos mediante vectores que comprenden un recurso: URL. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-16.html https://bugzilla.mozilla.org/show_bug.cgi?id=624764 https://oval.cisecurity.org/repository/search/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.1EPSS: 0%CPEs: 164EXPL: 1

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. Mozilla Firefox v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, no implementa adecuadamente el autocompletado de formularios, permitiendo a atacantes remotos leer las entradas del historial de formularios a través de un applet de Java que falsifica la interacción con los controles de autocompletado. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce/2011/mfsa2011-14.html https://bugzilla.mozilla.org/show_bug.cgi?id=527935 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14523 https://access.redhat • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 96%CPEs: 164EXPL: 2

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, no utiliza correctamente las estructuras de datos nsTreeRange, permitiendo a atacantes remotos ejecutar código arbitrario a través de vectores no especificados produciendo un "dangling pointer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles user defined functions of a nsTreeSelection element. When executing the function invalidateSelection it is possible to free the nsTreeSelection object that the function operates on. • https://www.exploit-db.com/exploits/17419 https://www.exploit-db.com/exploits/17520 http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://securityreason.com/securityalert/8310 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce& • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 157EXPL: 1

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. La función txXPathNodeUtils::getXSLTId en los archivos txMozillaXPathTreeWalker.cpp y txStandaloneXPathTreeWalker.cpp en Mozilla Firefox anterior a versión 3.5.19, versiones 3.6.x anteriores a 3.6.17 y versiones 4.x anteriores a 4.0.1, y SeaMonkey anterior a versión 2.0.14, permite a los atacantes remotos obtener información potencialmente confidencial sobre las direcciones de memoria de la pila por medio de un documento XML que contiene una llamada a la función XSLT generate-id XPath. • http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html http://www.mozilla.org/security/announce/2011/mfsa2011-18.html https://bugzilla.mozilla.org/show_bug.cgi?id=640339 https://exchange.xforce.ibmcloud.com/vulnerabilities/66836 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14467 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •