CVSS: 9.3EPSS: 2%CPEs: 173EXPL: 0CVE-2010-3775 – data: URL meta refresh (MFSA 2010-79)
https://notcve.org/view.php?id=CVE-2010-3775
Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, no manejan de manera apropiada ciertas redirecciones que involucren datos: URLs y secuencias de comandos Java LiveConnect, lo que permite a atacantes remotos iniciar procesos, leer ficheros locales de su elección y establecer conexiones de red a través de vectores relacionados con un valor de refresco en el atributo http-equiv de un elemento META. • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://secunia.com/advisories/42716 http://secunia.com/advisories/42818 http://support.avaya.com/css/P8& •
CVSS: 9.3EPSS: 11%CPEs: 154EXPL: 0CVE-2010-3766 – Mozilla Firefox nsDOMAttribute MutationObserver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3766
Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. Vulnerabilidad de uso después de liberación en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante vectores que involucran un cambio a un nodo nsDOMAttribute. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's support of the NodeIterator API used for element traversal. Due to a particular element not implementing functionality required by the API, a use-after free vulnerability can be forced to occur. • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://secunia.com/advisories/42716 http://secunia.com/advisories/42818 http://support.avaya.com/css/P8& • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.3EPSS: 42%CPEs: 154EXPL: 0CVE-2010-3767 – Mozilla Firefox NewIdArray Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3767
Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. Desbordamiento de entero en la función NewArray en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante un array JavaScript con muchos elementos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Firefox's management of the JSSLOT_ARRAY_COUNT annotation. This value represents the number of items filled within a given Array object. • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052032.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://secunia.com/advisories/42716 http://secunia.com/advisories/42818 http://support.avaya.com/css/P8& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2009-5017 – Firefox: overlong UTF-8 seqence detection problem
https://notcve.org/view.php?id=CVE-2009-5017
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. Mozilla Firefox anterior v3.6 Beta 3 no maneja adecuadamente codificaciones UTF-8 demasiado largas, lo que hace facil para atacantes remotos superar los mecanísmos de protección de secuencias de comandos en sitios cruzados (XSS) a través de cadenas manipuladas, una vulnerabilidad diferente que CVE-2010-1210. • http://hg.mozilla.org/releases/mozilla-1.9.2/rev/e42c563313a0 http://sirdarckcat.blogspot.com/2009/10/couple-of-unicode-issues-on-php-and.html https://bugzilla.mozilla.org/show_bug.cgi?id=511859 https://bugzilla.mozilla.org/show_bug.cgi?id=522634 https://access.redhat.com/security/cve/CVE-2009-5017 https://bugzilla.redhat.com/show_bug.cgi?id=656287 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 96%CPEs: 56EXPL: 7CVE-2010-3765 – Mozilla Firefox - Simplified Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2010-3765
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. Firefox versiones 3.5.x hasta 3.5.14 y versiones 3.6.x hasta 3.6.11, Thunderbird versiones 3.1.6 anteriores a 3.1.6 y versiones 3.0.x anteriores a 3.0.10, y SeaMonkey versiones 2.x anteriores a 2.0.10, de Mozilla, cuando JavaScript está habilitado, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores relacionados con nsCSSFrameConstructor::ContentAppended, el método appendChild, el seguimiento incorrecto de índices y la creación de varias tramas, lo que desencadena corrupción de memoria, como se explotó “in the wild” en octubre de 2010 por el malware Belmoo. • https://www.exploit-db.com/exploits/15342 https://www.exploit-db.com/exploits/15341 https://www.exploit-db.com/exploits/16509 https://www.exploit-db.com/exploits/15352 http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://isc.sans.edu/diary.html?storyid=9817 http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050233.html http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •