CVSS: 6.1EPSS: 3%CPEs: 173EXPL: 1CVE-2010-3770 – Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-3770
10 Dec 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el motor de renderizado en Mozilla Firefox en versiones anteriores a la 3.5.16... • https://www.exploit-db.com/exploits/35095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 7%CPEs: 233EXPL: 0CVE-2010-3776 – Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
https://notcve.org/view.php?id=CVE-2010-3776
10 Dec 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 2%CPEs: 173EXPL: 0CVE-2010-3775 – data: URL meta refresh (MFSA 2010-79)
https://notcve.org/view.php?id=CVE-2010-3775
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html •
CVSS: 9.8EPSS: 43%CPEs: 154EXPL: 0CVE-2010-3767 – Mozilla Firefox NewIdArray Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3767
09 Dec 2010 — Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. Desbordamiento de entero en la función NewArray en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante un array JavaScript con ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 11%CPEs: 154EXPL: 0CVE-2010-3766 – Mozilla Firefox nsDOMAttribute MutationObserver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3766
09 Dec 2010 — Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. Vulnerabilidad de uso después de liberación en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante vectores que involucran un c... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 7.5EPSS: 1%CPEs: 221EXPL: 0CVE-2010-3173 – NSS: insecure Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2010-3173
21 Oct 2010 — The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La implementación de SSL en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y Se... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 8.4EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3182 – Mozilla unsafe library loading flaw
https://notcve.org/view.php?id=CVE-2010-3182
21 Oct 2010 — A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Una secuencia de comandos de ciertas aplicaciones que ejecutan Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y 3.... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 9.3EPSS: 7%CPEs: 135EXPL: 0CVE-2010-3174
https://notcve.org/view.php?id=CVE-2010-3174
21 Oct 2010 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor del navegador Mozilla Firefox v3.5.x anterior a v3.5.14, Thunderbird anterior a v3.0.9 y SeaMonkey anterior a v2.0.9 permiten a atacantes remotos provocar una denegación de serv... • http://www.debian.org/security/2010/dsa-2124 •
CVSS: 5.9EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3170 – firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
https://notcve.org/view.php?id=CVE-2010-3170
21 Oct 2010 — Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 8%CPEs: 149EXPL: 0CVE-2010-3176 – Mozilla miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-3176
21 Oct 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •