CVSS: 5.9EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3170 – firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
https://notcve.org/view.php?id=CVE-2010-3170
21 Oct 2010 — Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 8%CPEs: 149EXPL: 0CVE-2010-3176 – Mozilla miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-3176
21 Oct 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 ... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 6.1EPSS: 0%CPEs: 148EXPL: 0CVE-2010-3177 – Mozilla XSS in gopher parser when parsing hrefs
https://notcve.org/view.php?id=CVE-2010-3177
21 Oct 2010 — Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el parseador Gopher en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, y SeaMonkey anterior a v2.0.9, permite a atacantes remo... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3178 – Mozilla cross-site information disclosure via modal calls
https://notcve.org/view.php?id=CVE-2010-3178
21 Oct 2010 — Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonke... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 17%CPEs: 221EXPL: 0CVE-2010-3180 – Mozilla use-after-free error in nsBarProp
https://notcve.org/view.php?id=CVE-2010-3180
21 Oct 2010 — Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. Vulnerabilidad de uso después de liberación (Use-after-free) en la función nsBarProp en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y Sea... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3181
https://notcve.org/view.php?id=CVE-2010-3181
21 Oct 2010 — Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. Vulnerabilidad de ruta de búsqueda no confiable en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a 3.1.5, y SeaMonkey anterior a v2.0.9 en Windows permite a usuarios loca... • http://www.mozilla.org/security/announce/2010/mfsa2010-71.html •
CVSS: 9.8EPSS: 78%CPEs: 221EXPL: 1CVE-2010-3179 – Mozilla Firefox SeaMonkey 3.6.10 / Thunderbird 3.1.4 - 'document.write' Memory Corruption
https://notcve.org/view.php?id=CVE-2010-3179
21 Oct 2010 — Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. Un desbordamiento de búfer basado en pila en la funcionalidad text-rendering en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11,... • https://www.exploit-db.com/exploits/34881 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 64%CPEs: 221EXPL: 0CVE-2010-3183 – Mozilla Firefox LookupGetterOrSetter Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-3183
19 Oct 2010 — The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. La función LookupGetterOrSetter... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 57EXPL: 0CVE-2010-3400
https://notcve.org/view.php?id=CVE-2010-3400
15 Sep 2010 — The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. La función js_InitRandom en la implementación JavaScript de Mozilla Firefox v3.5.x anterior a v3.5.10 y v3.6.x anterior a v3.6.4, y SeaMonkey anterior a v2.0.... • https://bugzilla.mozilla.org/show_bug.cgi?id=475585 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 212EXPL: 0CVE-2010-2768 – Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
https://notcve.org/view.php?id=CVE-2010-2768
09 Sep 2010 — Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 no restringe adecuada... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •