CVSS: 9.3EPSS: 11%CPEs: 3EXPL: 0CVE-2010-1203 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1203
The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. El motor de JavaScript en Firefox de Mozilla versiones 3.6.x anteriores a 3.6.4, permite a los atacantes remotos causar una denegación de servicio (corrupción de memoria y bloqueo de aplicación) o posiblemente ejecutar código arbitrario por medio de vectores que desencadenan un fallo de aserción en el archivo jstracer.cpp. • http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 http://www.mozilla.org/security/announce/2010/mfsa2010-26.html http://www.redhat.com/support/errata/RHSA-2010-0 •
CVSS: 10.0EPSS: 79%CPEs: 100EXPL: 3CVE-2010-1199 – Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1199
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Desbordamiento de enteros en la implementación del nodo de ordenación XSLT en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su elección a través de un valor de texto largo para el nodo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or otherwise render a malicious file. The specific flaw exists within a particular XSLT transformation when applied to an XML document. If a large number of elements have this transformation applied to them, the application will misallocate a buffer. • https://www.exploit-db.com/exploits/34192 https://www.exploit-db.com/exploits/14949 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1CVE-2010-2117
https://notcve.org/view.php?id=CVE-2010-2117
Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. Vulnerabilidad en Mozilla Firefox v3.0.19, v3.5.x, y v3.6.x permite a atacantes remotos provocar una denegación de servicio (agotamiento de recursos) a través de código JavaScript que contenga un bucle infinito que crea elementos IFRAME a URIs no válidas de tipo (1) news:// o (2) nntp:// • http://websecurity.com.ua/4238 http://www.securityfocus.com/archive/1/511509/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11190 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 2CVE-2010-1987
https://notcve.org/view.php?id=CVE-2010-1987
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571. Mozilla Firefox v3.6.3 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria, lectura fuera de rango y caída de la aplicación) a través de código JavaScript que añade cadenas largas de caracteres al contenido de un elemento P y realiza operaciones de concatenación de cadenas y subcadenas relacionado con la clase DoubleWideCharMappedString class en USP10.dll y en la función gfxWindowsFontGroup::GetUnderlineOffset de xul.dll, diferente a la vulnerabilidad CVE-2009-1571. • http://osvdb.org/64790 http://www.exploit-db.com/exploits/12678 http://www.securityfocus.com/archive/1/511329/100/0/threaded http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58762 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12013 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 12%CPEs: 2EXPL: 2CVE-2010-1988
https://notcve.org/view.php?id=CVE-2010-1988
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. Mozilla Firefox v3.6.3 en Windows XP SP3 permite a atacantes remotos provocar una denegación de servicio (puntero nulo y caída de la aplicación ) o la posibilidad de ejecutar código a su elección a través de código JavaScript que realiza operaciones de concatenación de cadenas y sub-cadenas, diferente a la vulnerabilidad CVE-2009-1571. • http://osvdb.org/64789 http://www.exploit-db.com/exploits/12678 http://www.securityfocus.com/archive/1/511329/100/0/threaded http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12050 •