CVE-2010-3170 – firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
https://notcve.org/view.php?id=CVE-2010-3170
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9, reconoce una dirección IP comodín (wildcard) en el campo Common Name del asunto en un certificado X.509, esto podría permitir un ataque de hombre-en-medio (man-in-the-middle o MITM) para falsear servidores SSL de su elección a través de un certificado manipuado enviado por una Autoridad de Certificación (CA) legítima. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://secunia.com/advisories/41839 http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2123 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mozilla.org/security/announce/2010/mfsa2 • CWE-310: Cryptographic Issues •
CVE-2010-3183 – Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3183
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. La función LookupGetterOrSetter en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior v2.0.9 no soporta adecuadamente las llamadas a la función window._lookupGetter_ que carece de argumentos,permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicios (desreferencia de puntero incorrecto y caída de la aplicación) a través de documentos HTML manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-2010:2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3400
https://notcve.org/view.php?id=CVE-2010-3400
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. La función js_InitRandom en la implementación JavaScript de Mozilla Firefox v3.5.x anterior a v3.5.10 y v3.6.x anterior a v3.6.4, y SeaMonkey anterior a v2.0.5, usa la hora actual como semilla de un generador de números aleatorios, lo cual les facilita a los atacantes remotos adivinar el valor de la semilla a través de un ataque de fuerza bruta, una vulneravilidad diferente de CVE-2008-5913. • https://bugzilla.mozilla.org/show_bug.cgi?id=475585 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7339 • CWE-310: Cryptographic Issues •
CVE-2010-3399
https://notcve.org/view.php?id=CVE-2010-3399
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. La función js_InitRandom en la implementación JavaScript de Mozilla Firefox v3.5.10 hasta v3.5.11, v3.6.4 hasta v3.6.8 y v4.0 Beta1 utiliza un puntero de contexto en en relación con su puntero sucesor para utilizar como semilla de de un generador de números aleatorios, lo cual les facilita a los atacantes remotos adivinar el valor de la semilla a través de un ataque de fuerza bruta, una vulneravilidad diferente de CVE-2010-3171. • http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://secunia.com/advisories/42867 http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf http://www.vupen.com/english/advisories/2011/0061 https://bugzilla.mozilla.org/show_bug.cgi?id=475585 https://bugzilla.mozilla.org/show_bug.cgi?id=577512 https://oval.cisecurity.org/repository/search/de • CWE-310: Cryptographic Issues •
CVE-2010-3171 – Mozilla Firefox 3.6.8 - 'Math.random()' Cross Domain Information Disclosure
https://notcve.org/view.php?id=CVE-2010-3171
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. La función Math.random en la implementación JavaScript en Mozilla Firefox v3.5.10 hasta v3.5.11, v3.6.4 hasta v3.6.8, y v4.0 Beta1 usa un generador de números aleatorios que se siembra una sola vez por documento objeto, lo cual facilita a los atacantes remotos el seguimiento de un usuario, o engañar a un usuario a que actúe sobre un mensaje pop-up falso, mediante el cálculo del valor de la semilla, relacionado con una "temporary footprint" y una "in-session phishing attack". NOTA: esta vulnerabilidad existe debido a una solución incompleta de CVE-2008-5913. • https://www.exploit-db.com/exploits/34621 http://archives.neohapsis.com/archives/bugtraq/2010-09/0117.html http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://secunia.com/advisories/42867 http://www.securityfocus.com/bid/43222 http://www.trusteer.com/sites/default/files/Cross_domain_Math_Random_leakage_in_FF_3.6.4-3.6.8.pdf http://www.vupen.com/english/advisories/2011/0061 https://bugzilla.mozilla.org/show_bug.cgi?id=577512 https://oval& • CWE-310: Cryptographic Issues •