CVSS: 10.0EPSS: 20%CPEs: 157EXPL: 0CVE-2011-0054 – Mozilla Buffer overflow in JavaScript upvarMap (MFSA 2011-04)
https://notcve.org/view.php?id=CVE-2011-0054
02 Mar 2011 — Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. Desbordamiento de búfer en el motor JavaScript de Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, y SeaMonkey antes de v2.0.12, podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores con variables JavaScript n... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 8%CPEs: 149EXPL: 0CVE-2011-0061 – Mozilla crash caused by corrupted JPEG image (MFSA 2011-09)
https://notcve.org/view.php?id=CVE-2011-0061
02 Mar 2011 — Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Desbordamiento de buffer en Mozilla Firefox 3.6.x anteriores a la versión 3.6.14, Thunderbird en versiones anteriores a la 3.1.8 y SeaMonkey anteriores a 2.0.12. Pueden permitir a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 9%CPEs: 157EXPL: 0CVE-2011-0055 – Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0055
02 Mar 2011 — Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection. Vulnerabilidad de uso después de liberación de memoria en el método JSON.stringify en js3250.dll en Mozilla Firefox en versiones anteriores a 3.5.17 y 3.6.x en versiones anteriores a 3.6.14 y SeaMonkey en ver... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 18%CPEs: 233EXPL: 0CVE-2010-3768 – Mozilla add support for OTS font sanitizer (MFSA 2010-78)
https://notcve.org/view.php?id=CVE-2010-3768
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13, Thunderbird en versiones anteriores a la 3.0.11 y 3... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 15%CPEs: 258EXPL: 0CVE-2010-3769
https://notcve.org/view.php?id=CVE-2010-3769
10 Dec 2010 — The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. La implementación de line-breaking en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13, Thunderbird en versiones anteriore... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 173EXPL: 0CVE-2010-3774 – Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
https://notcve.org/view.php?id=CVE-2010-3774
10 Dec 2010 — The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site. La función NS_SecurityCompareURIs en netwerk/base/public/nsNetUtil.h en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 15%CPEs: 173EXPL: 0CVE-2010-3772 – Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)
https://notcve.org/view.php?id=CVE-2010-3772
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, no calculan adecuadamente los valores de los índices para ciertos contenidos h... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 173EXPL: 0CVE-2010-3773 – Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
https://notcve.org/view.php?id=CVE-2010-3773
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a l... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html •
CVSS: 9.3EPSS: 47%CPEs: 149EXPL: 0CVE-2010-3778
https://notcve.org/view.php?id=CVE-2010-3778
10 Dec 2010 — Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Mozilla Firefox 3.5.x en versiones anteriores a la 3.5.16, Thunderbird en versiones anteriores a la 3.0.11 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos provocar una denegació... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 173EXPL: 0CVE-2010-3771 – Mozilla Chrome privilege escalation with window.open and <isindex> element (MFSA 2010-76)
https://notcve.org/view.php?id=CVE-2010-3771
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, no manejan de manera apropiada la inyección de un element... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html •