CVSS: 10.0EPSS: 9%CPEs: 157EXPL: 0CVE-2011-0055 – Mozilla Firefox JSON.stringify Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0055
02 Mar 2011 — Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection. Vulnerabilidad de uso después de liberación de memoria en el método JSON.stringify en js3250.dll en Mozilla Firefox en versiones anteriores a 3.5.17 y 3.6.x en versiones anteriores a 3.6.14 y SeaMonkey en ver... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 18%CPEs: 233EXPL: 0CVE-2010-3768 – Mozilla add support for OTS font sanitizer (MFSA 2010-78)
https://notcve.org/view.php?id=CVE-2010-3768
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13, Thunderbird en versiones anteriores a la 3.0.11 y 3... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 15%CPEs: 258EXPL: 0CVE-2010-3769
https://notcve.org/view.php?id=CVE-2010-3769
10 Dec 2010 — The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. La implementación de line-breaking en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13, Thunderbird en versiones anteriore... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 173EXPL: 0CVE-2010-3774 – Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
https://notcve.org/view.php?id=CVE-2010-3774
10 Dec 2010 — The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site. La función NS_SecurityCompareURIs en netwerk/base/public/nsNetUtil.h en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 15%CPEs: 173EXPL: 0CVE-2010-3772 – Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)
https://notcve.org/view.php?id=CVE-2010-3772
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly calculate index values for certain child content in a XUL tree, which allows remote attackers to execute arbitrary code via vectors involving a DIV element within a treechildren element. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, no calculan adecuadamente los valores de los índices para ciertos contenidos h... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 173EXPL: 0CVE-2010-3773 – Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)
https://notcve.org/view.php?id=CVE-2010-3773
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-0179. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a l... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html •
CVSS: 9.3EPSS: 47%CPEs: 149EXPL: 0CVE-2010-3778
https://notcve.org/view.php?id=CVE-2010-3778
10 Dec 2010 — Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Mozilla Firefox 3.5.x en versiones anteriores a la 3.5.16, Thunderbird en versiones anteriores a la 3.0.11 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos provocar una denegació... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 173EXPL: 0CVE-2010-3771 – Mozilla Chrome privilege escalation with window.open and <isindex> element (MFSA 2010-76)
https://notcve.org/view.php?id=CVE-2010-3771
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle injection of an ISINDEX element into an about:blank page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to redirection to a chrome: URI. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, no manejan de manera apropiada la inyección de un element... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html •
CVSS: 6.1EPSS: 3%CPEs: 173EXPL: 1CVE-2010-3770 – Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-3770
10 Dec 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that may be converted to angle brackets during rendering. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el motor de renderizado en Mozilla Firefox en versiones anteriores a la 3.5.16... • https://www.exploit-db.com/exploits/35095 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 7%CPEs: 233EXPL: 0CVE-2010-3776 – Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
https://notcve.org/view.php?id=CVE-2010-3776
10 Dec 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •