CVSS: 6.5EPSS: 1%CPEs: 173EXPL: 0CVE-2010-3774 – Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)
https://notcve.org/view.php?id=CVE-2010-3774
10 Dec 2010 — The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a crafted web site. La función NS_SecurityCompareURIs en netwerk/base/public/nsNetUtil.h en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteri... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 173EXPL: 0CVE-2010-3775 – data: URL meta refresh (MFSA 2010-79)
https://notcve.org/view.php?id=CVE-2010-3775
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via vectors involving a refresh value in the http-equiv attribute of a META element, which causes the wrong security principal to be used. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html •
CVSS: 9.8EPSS: 3%CPEs: 233EXPL: 0CVE-2010-3776 – Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
https://notcve.org/view.php?id=CVE-2010-3776
10 Dec 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 3%CPEs: 149EXPL: 0CVE-2010-3778
https://notcve.org/view.php?id=CVE-2010-3778
10 Dec 2010 — Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Mozilla Firefox 3.5.x en versiones anteriores a la 3.5.16, Thunderbird en versiones anteriores a la 3.0.11 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos provocar una denegació... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 154EXPL: 0CVE-2010-3766 – Mozilla Firefox nsDOMAttribute MutationObserver Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3766
09 Dec 2010 — Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via vectors involving a change to an nsDOMAttribute node. Vulnerabilidad de uso después de liberación en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante vectores que involucran un c... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 9.8EPSS: 3%CPEs: 154EXPL: 0CVE-2010-3767 – Mozilla Firefox NewIdArray Integer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3767
09 Dec 2010 — Integer overflow in the NewIdArray function in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allows remote attackers to execute arbitrary code via a JavaScript array with many elements. Desbordamiento de entero en la función NewArray en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos ejecutar código de su elección mediante un array JavaScript con ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 87%CPEs: 56EXPL: 7CVE-2010-3765 – Mozilla Firefox - Simplified Memory Corruption (PoC)
https://notcve.org/view.php?id=CVE-2010-3765
27 Oct 2010 — Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. Firefox versiones 3.5.x hasta 3.5.... • https://www.exploit-db.com/exploits/15342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 1%CPEs: 221EXPL: 0CVE-2010-3170 – firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
https://notcve.org/view.php?id=CVE-2010-3170
21 Oct 2010 — Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 2%CPEs: 221EXPL: 0CVE-2010-3173 – NSS: insecure Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2010-3173
21 Oct 2010 — The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La implementación de SSL en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y Se... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 9.3EPSS: 2%CPEs: 135EXPL: 0CVE-2010-3174
https://notcve.org/view.php?id=CVE-2010-3174
21 Oct 2010 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor del navegador Mozilla Firefox v3.5.x anterior a v3.5.14, Thunderbird anterior a v3.0.9 y SeaMonkey anterior a v2.0.9 permiten a atacantes remotos provocar una denegación de serv... • http://www.debian.org/security/2010/dsa-2124 •