CVSS: 9.3EPSS: 3%CPEs: 173EXPL: 0CVE-2010-3775 – data: URL meta refresh (MFSA 2010-79)
https://notcve.org/view.php?id=CVE-2010-3775
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html •
CVSS: 9.8EPSS: 3%CPEs: 233EXPL: 0CVE-2010-3776 – Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
https://notcve.org/view.php?id=CVE-2010-3776
10 Dec 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 149EXPL: 0CVE-2010-3778
https://notcve.org/view.php?id=CVE-2010-3778
10 Dec 2010 — Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Mozilla Firefox 3.5.x en versiones anteriores a la 3.5.16, Thunderbird en versiones anteriores a la 3.0.11 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos provocar una denegació... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 154EXPL: 0CVE-2010-3766 – Mozilla Firefox nsDOMAttribute MutationObserver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3766
09 Dec 2010 — Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. Vulnerabilidad de uso después de liberación en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante vectores que involucran un c... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 154EXPL: 0CVE-2010-3767 – Mozilla Firefox NewIdArray Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3767
09 Dec 2010 — Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. Desbordamiento de entero en la función NewArray en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante un array JavaScript con ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 5.9EPSS: 1%CPEs: 221EXPL: 0CVE-2010-3170 – firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
https://notcve.org/view.php?id=CVE-2010-3170
21 Oct 2010 — Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 2%CPEs: 221EXPL: 0CVE-2010-3173 – NSS: insecure Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2010-3173
21 Oct 2010 — The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La implementación de SSL en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y Se... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 2%CPEs: 135EXPL: 0CVE-2010-3174
https://notcve.org/view.php?id=CVE-2010-3174
21 Oct 2010 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor del navegador Mozilla Firefox v3.5.x anterior a v3.5.14, Thunderbird anterior a v3.0.9 y SeaMonkey anterior a v2.0.9 permiten a atacantes remotos provocar una denegación de serv... • http://www.debian.org/security/2010/dsa-2124 •
CVSS: 9.8EPSS: 3%CPEs: 149EXPL: 0CVE-2010-3176 – Mozilla miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-3176
21 Oct 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 6.1EPSS: 0%CPEs: 148EXPL: 0CVE-2010-3177 – Mozilla XSS in gopher parser when parsing hrefs
https://notcve.org/view.php?id=CVE-2010-3177
21 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el parseador Gopher en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, y SeaMonkey anterior a v2.0.9, permite a atacantes remo... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •