CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2009-5017 – Firefox: overlong UTF-8 seqence detection problem
https://notcve.org/view.php?id=CVE-2009-5017
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. Mozilla Firefox anterior v3.6 Beta 3 no maneja adecuadamente codificaciones UTF-8 demasiado largas, lo que hace facil para atacantes remotos superar los mecanísmos de protección de secuencias de comandos en sitios cruzados (XSS) a través de cadenas manipuladas, una vulnerabilidad diferente que CVE-2010-1210. • http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0 http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html https://bugzilla.mozilla.org/show_bug.cgi?id=511859 https://bugzilla.mozilla.org/show_bug.cgi?id=522634 https://access.redhat.com/security/cve/CVE-2009-5017 https://bugzilla.redhat.com/show_bug.cgi?id=656287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3181
https://notcve.org/view.php?id=CVE-2010-3181
Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a 3.1.5, y SeaMonkey anterior a v2.0.9 en Windows permite a usuarios locales conseguir privilegios a través de un DLL (caballo de Troya) en el directorio de trabajo actual. • http://www.mozilla.org/security/announce/2010/mfsa2010-71.html https://bugzilla.mozilla.org/show_bug.cgi?id=589190 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12116 •
CVSS: 5.8EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3178 – Mozilla cross-site information disclosure via modal calls
https://notcve.org/view.php?id=CVE-2010-3178
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 no manejan adecuadamente algunas llamadas modales hechas por javascript: en circunstancias relacionadas con la apertura de URLs en nuevas ventanas y navegación entre dominios, permite a atacantes remotos evitar la "Same Origin Policy" mediante un documento HTML manipulado. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-2010:2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.1EPSS: 0%CPEs: 148EXPL: 0CVE-2010-3177 – Mozilla XSS in gopher parser when parsing hrefs
https://notcve.org/view.php?id=CVE-2010-3177
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el parseador Gopher en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, y SeaMonkey anterior a v2.0.9, permite a atacantes remotos inyectar código script web de su elección o código HTML a través del nombre manipulado (1) de un archivo o (2) el directorio del servidor Gopher. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http:&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3182 – Mozilla unsafe library loading flaw
https://notcve.org/view.php?id=CVE-2010-3182
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Una secuencia de comandos de ciertas aplicaciones que ejecutan Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y 3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 en Linux coloca un nombre de directorio de longitud cero en LD_LIBRARY_PATH, que permite a usuarios locales conseguir privilegios a través de una biblioteca compartida (caballo de Troya) en el directorio de trabajo actual. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-20 •