
CVSS: 5.0 • EPSS: 0% • CPEs: 30 • EXPL: 1

Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements.

• http://websecurity.com.ua/4206
• http://www.securityfocus.com/archive/1/511327/100/0/threaded
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12386
• CWE-399: Resource Management Errors

CVSS: 5.0 • EPSS: 2% • CPEs: 2 • EXPL: 2

Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571.

• http://www.exploit-db.com/exploits/12678
• http://www.osvdb.org/64791
• http://www.securityfocus.com/archive/1/511329/100/0/threaded
• http://www.x90c.org/advisories/firefox_3.6.3_crash_advisory.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/58761
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12433
• CWE-399: Resource Management Errors

CVSS: 9.3 • EPSS: 2% • CPEs: 238 • EXPL: 1

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.

• http://downloads.avaya.com/css/P8/documents/100133195
• http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
• http://www.mozilla.org/security/announce/2011/mfsa2011-08.html
• http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
• http://www.securityfocus.com/archive/1/510883/100/0/threaded
• https://bug
• CWE-20: Improper Input Validation

CVSS: 4.3 • EPSS: 29% • CPEs: 144 • EXPL: 0

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images.

• http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
• http://secunia.com/advisories/39136
• http://secunia.com/advisories/39397
• http://ubuntu.com/usn/usn-921-1
• http://websecurity.com.ua/4206
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
• http://www.mozilla.org/security/announce/2010/mfsa2010-23.html
• http://www.securityfocus.com/archive/1/511327/100/0/threaded
• http://www.vupen.com/english/advisories/2010/0748
• http://www.vupen.com/engl
• CWE-20: Improper Input Validation

CVSS: 7.6 • EPSS: 2% • CPEs: 144 • EXPL: 0

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL.

• http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
• http://secunia.com/advisories/39136
• http://secunia.com/advisories/39240
• http://secunia.com/advisories/39243
• http://secunia.com/advisories/39308
• http://secunia.com/advisories/39397
• http://securitytracker.com/id?1023776
• http://ubuntu.com/usn/usn-921-1
• http://www.debian.org/security/2010/dsa-2027
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:070
• http://www.mozilla.org/security/announce/201
• CWE-94: Improper Control of Generation of Code ('Code Injection')