CVSS: 10.0EPSS: 42%CPEs: 171EXPL: 0CVE-2011-2997
https://notcve.org/view.php?id=CVE-2011-2997
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox anteriores a v6, Thunderbird anteriores a v7.0 y SeaMonkey anteriores a v2.4, permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html http://secunia.com/advisories/46315 http://www.mandriva.com/security/advisories?name=MDVSA-2011:141 http://www.mandriva.com/security/advisories?name=MDVSA-2011:142 http://www.mozilla.org/security/announce/2011/mfsa2011-36.html https://bugzilla.mozilla.org/show_bug.cgi?id=552002 https://bugzilla.mozilla.org/show_bug.cgi?id=657198 https://bugzilla.mozilla.org/show_bug.cgi? •
CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2011-3003
https://notcve.org/view.php?id=CVE-2011-3003
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation. Mozilla Firefox anteriores a v7.0 y SeaMonkey anteriores a v2.4 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un caso de text WebGL sin especificar que provoca un error de reserva de memoria y una operación de escritura fuera del límite. • http://www.mandriva.com/security/advisories?name=MDVSA-2011:141 http://www.mozilla.org/security/announce/2011/mfsa2011-41.html https://bugzilla.mozilla.org/show_bug.cgi?id=682335 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14054 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3866
https://notcve.org/view.php?id=CVE-2011-3866
Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab. Mozilla Firefox antes de v7.0 y SeaMonkey antes de v2.4 no restringe correctamente la disponibilidad de los datos de movimiento de eventos, lo que hace que sea más fácil para los atacantes remotos leer las pulsaciones de teclado mediante el aprovechamiento de código JavaScript que se ejecuta en una pestaña en segundo plano. • http://www.mozilla.org/security/announce/2011/mfsa2011-45.html http://www.usenix.org/events/hotsec11/tech/tech.html#Cai https://bugzilla.mozilla.org/show_bug.cgi?id=682562 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13954 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 86EXPL: 0CVE-2011-3004
https://notcve.org/view.php?id=CVE-2011-3004
The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior. JSSubScriptLoader en Mozilla Firefox 4.x hasta la versión 6 y SeaMonkey anteriores a la 2.4 no maneja apropiadamente XPCNativeWrappers durante llamadas al método loadSubScript en un complemento, lo que facilita a atacantes remotos escalar privilegios a través de una web modificada que utiliza "unwrapping behavior". • http://www.mandriva.com/security/advisories?name=MDVSA-2011:141 http://www.mozilla.org/security/announce/2011/mfsa2011-43.html https://bugzilla.mozilla.org/show_bug.cgi?id=653926 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14121 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 1%CPEs: 204EXPL: 0CVE-2011-2999 – Mozilla: XSS via plugins and shadowed window.location object (MFSA 2011-38)
https://notcve.org/view.php?id=CVE-2011-2999
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. Mozilla Firefox anteriores a v3.6.23 y v4.x hasta v5,Thunderbird anteriores a v6.0 y SeaMonkey anteriores a v2.3 no gestionan adecuadamente "Location" como el nombre de un marco, que permite a atacantes remotos evitar la "Same Origin Policy" a través de un sitio web manipulado, vulnerabilidad diferente a CVE-2010-0170. • http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html http://lists.opensuse.org/opensuse-updates/2011-10/msg00002.html http://secunia.com/advisories/46315 http://www.debian.org/security/2011/dsa-2312 http://www.debian.org/security/2011/dsa-2313 http://www.debian.org/security/2011/dsa-2317 http://www.mandriva.com/security/advisories?name=MDVSA-2011:139 http://www.mandriva.com/security/advisories?name=MDVSA-2011:140 http://www.mandriva.com/security/advisories? • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •