CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 2CVE-2011-1187
https://notcve.org/view.php?id=CVE-2011-1187
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Google Chrome en versiones anteriores a la 10.0.648.127 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. Relacionado con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=69187 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2012/mfsa2012-32.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://bugzilla.mozilla.org/show_bug.cgi?id=624621 https://exchange.xforce.ibmcloud.com/v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 42%CPEs: 238EXPL: 0CVE-2011-0053 – Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
https://notcve.org/view.php?id=CVE-2011-0053
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, Thunderbird antes de v3.1.8 y SeaMonkey antes de v2.0.12 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://downloads.avaya.com/css/P8/documents/100133195 http://support.avaya.com/css/P8/documents/100128655 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-01.html http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html http://www.securityfocus.com/bid/46645 https://bugzilla.mozilla.org/show_bug.cgi?id=558531 https://bugzilla.mozilla.org/show_bug.cg •
CVSS: 10.0EPSS: 15%CPEs: 157EXPL: 0CVE-2011-0057 – Mozilla use-after-free error using Web Workers (MFSA 2011-06)
https://notcve.org/view.php?id=CVE-2011-0057
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. Vulnerabilidad de uso después de liberación en la implementación de Web Workers para Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, y SeaMonkey antes de v2.0.12, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un JavaScript Worker y con la recolección de basura. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mozilla.org/security/announce/2011/mfsa2011-06.html http://www.securityfocus.com/bid/46663 https://bugzilla.mozilla.org/show_bug.cgi?id=626631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200 https://access.redhat.com/security/cve/CVE-2011-0057 https://bugzilla.redhat.com/show_bug.cgi?id=675093 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 22%CPEs: 160EXPL: 0CVE-2011-0058 – Mozilla memory corruption during text run construction (MFSA 2011-07)
https://notcve.org/view.php?id=CVE-2011-0058
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. Desbordamiento de búfer en Mozilla Firefox antes de v3.5.17 y en v3.6.x antes de v3.6.14, y SeaMonkey antes de v2.0.12, bajo Windows, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (por corrupción de memoria) a través de una cadena demasiado larga que desencadena construcción de un texto largo. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mozilla.org/security/announce/2011/mfsa2011-07.html http://www.securityfocus.com/bid/46660 https://bugzilla.mozilla.org/show_bug.cgi?id=607160 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254 https://access.redhat.com/security/cve/CVE-2011-0058 https://bugzilla.redhat.com/show_bug.cgi?id=675143 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 157EXPL: 0CVE-2011-0059 – Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)
https://notcve.org/view.php?id=CVE-2011-0059
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Mozilla Firefox en versiones anteriores a la 3.5.17 y 3.6.x anteriores a la 3.6.14 y SeaMonkey anteriores a 2.0.12. Permite a atacantes remotos secuestrar ("hijack") la autenticación de usuarios arbitrarios para peticiones que fueron iniciadas por un complemento y reciben una redirección 307 a una página de un diferente sitio web. • http://downloads.avaya.com/css/P8/documents/100133195 http://support.avaya.com/css/P8/documents/100128655 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mozilla.org/security/announce/2011/mfsa2011-10.html http://www.redhat.com/support/errata/RHSA-2011-0313.html http://www.securityfocus.com/bid/46652 https://bugzilla.mozilla.org/show_bug.cgi?id=573873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473 https://acce • CWE-352: Cross-Site Request Forgery (CSRF) •