CVSS: 10.0EPSS: 2%CPEs: 163EXPL: 0CVE-2011-0078 – Mozilla OOM condition arbitrary memory write (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0078
07 May 2011 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.... • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird •
CVSS: 10.0EPSS: 1%CPEs: 163EXPL: 0CVE-2011-0080 – Mozilla memory safety issue (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0080
07 May 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Multiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v.3.1.10 y SeaMon... • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird •
CVSS: 7.5EPSS: 0%CPEs: 157EXPL: 1CVE-2011-1712
https://notcve.org/view.php?id=CVE-2011-1712
15 Apr 2011 — The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. La función txXPathNodeUtils::getXSLTId en los archivos txMozillaXPathTreeWalker.cpp y txStandaloneXPathTreeWalker.cpp en Mo... • http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 2CVE-2011-1187
https://notcve.org/view.php?id=CVE-2011-1187
11 Mar 2011 — Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Google Chrome en versiones anteriores a la 10.0.648.127 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. Relacionado con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=69187 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 212EXPL: 0CVE-2010-2760 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2760
09 Sep 2010 — Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. Vulnerabilidad de uso después de la liberación en la función nsTreeSelection en Mozilla Firefox ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 202EXPL: 0CVE-2010-2763
https://notcve.org/view.php?id=CVE-2010-2763
09 Sep 2010 — The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. La clase XPCSafeJSObjectWrapper en la implementación SafeJSObjectWrapper (también conocido como SJOW) en Mozilla Firefox anterior a v3.5.12, Thunderbird anter... • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 212EXPL: 0CVE-2010-2764 – Mozilla Information leak via XMLHttpRequest statusText (MFSA 2010-63)
https://notcve.org/view.php?id=CVE-2010-2764
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, SeaMonkey anterior a v2.0.7 no restringe correctamente el acces... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 3%CPEs: 212EXPL: 0CVE-2010-2765 – Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
https://notcve.org/view.php?id=CVE-2010-2765
09 Sep 2010 — Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. Desbordamiento de entero en la implementación del elemento FRAMESET en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 4%CPEs: 212EXPL: 0CVE-2010-2766 – Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2766
09 Sep 2010 — The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. La función normalizeDocument en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, SeaMonkey an... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 6%CPEs: 212EXPL: 0CVE-2010-2767 – Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
https://notcve.org/view.php?id=CVE-2010-2767
09 Sep 2010 — The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." La aplicación navigator.plugins en Mozilla Firefox anterior a v3.5.12 y v3.6.x ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors •