CVSS: 10.0EPSS: 1%CPEs: 107EXPL: 0CVE-2009-3079 – Firefox 3.5.3 3.0.14 Chrome privilege escalation with FeedWriter
https://notcve.org/view.php?id=CVE-2009-3079
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. Vulnerabilidad inespecífica en Mozilla Firefox anteriores a la v3.0.14, y v3.5.x anterior a la v3.5.3, permite a atacantes remotos ejecutar Javascript arbitrario con privilegios de chrome a través de vectores que incluyen un objeto, el FeedWriter, y el BrowserFeedWriter. • http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36757 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1886 http://www.mozilla.org/security/announce/2009/mfsa2009-51.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.securityfocus.com/bid/36343 http://www.securitytracker.com/id?1022873 https://bugzilla&# • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 52%CPEs: 104EXPL: 0CVE-2009-3074 – Firefox 3.5 3.0.14 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-3074
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor JavaScript de Mozilla Firefox en versiones anteriores a la v3.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.securityfocus.com/bid/36343 https://bugzilla.mozilla.org/show_bug.cgi?id=467493 https: •
CVSS: 10.0EPSS: 62%CPEs: 106EXPL: 0CVE-2009-3071 – Firefox 3.5.2 3.0.14 browser engine crashes
https://notcve.org/view.php?id=CVE-2009-3071
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador Mozilla Firefox anteriores a v3.0.14, y v3.5.x anteriores a v3.5.2, permite a los atacantes remotos causar una denegación de servicios (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar arbitrariamente código a través de vectores desconocidos. • http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.securityfocus.com/bid/36343 https://bugzilla.mozilla.org/show_bug.cgi?id=490196 https: •
CVSS: 10.0EPSS: 83%CPEs: 106EXPL: 0CVE-2009-3075 – Firefox 3.5.2 3.0.14 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-3075
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. Múltiples vulnerabilidades sin especificar en el motor JavaScript en Mozilla Firefox anterior a v3.0.14, y v3.5.x anterior a v3.5.2, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente la ejecución remota de código a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/36669 http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.mozilla.org/security/announce/2010&#x •
CVSS: 10.0EPSS: 69%CPEs: 104EXPL: 0CVE-2009-3070 – Firefox 3.5 3.0.14 browser engine crashes
https://notcve.org/view.php?id=CVE-2009-3070
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador de Mozilla Firefox en versiones anteriores a la v3.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o probablemente ejecutar código de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.securityfocus.com/bid/36343 https://bugzilla.mozilla.org/show_bug.cgi?id=430569 https: •