CVSS: 9.3EPSS: 89%CPEs: 104EXPL: 1CVE-2009-3076 – Mozilla Firefox < 3.0.14 - Multiplatform Remote Code Execution via pkcs11.addmodule
https://notcve.org/view.php?id=CVE-2009-3076
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module. Mozilla Firefox anterior a v3.0.4 no implementa adecuadamente ciertos dialogos asociados con las operaciones (1) pkcs11.addmodule y (2) pkcs11.deletemodule, lo que facilita a atacantes remotos engañar a un usuario instalando o eliminando un módulo PKCS11 de su elección. • https://www.exploit-db.com/exploits/9651 http://secunia.com/advisories/36669 http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-48.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.redhat •
CVSS: 10.0EPSS: 62%CPEs: 106EXPL: 0CVE-2009-3071 – Firefox 3.5.2 3.0.14 browser engine crashes
https://notcve.org/view.php?id=CVE-2009-3071
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador Mozilla Firefox anteriores a v3.0.14, y v3.5.x anteriores a v3.5.2, permite a los atacantes remotos causar una denegación de servicios (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar arbitrariamente código a través de vectores desconocidos. • http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.securityfocus.com/bid/36343 https://bugzilla.mozilla.org/show_bug.cgi?id=490196 https: •
CVSS: 10.0EPSS: 83%CPEs: 106EXPL: 0CVE-2009-3075 – Firefox 3.5.2 3.0.14 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-3075
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors. Múltiples vulnerabilidades sin especificar en el motor JavaScript en Mozilla Firefox anterior a v3.0.14, y v3.5.x anterior a v3.5.2, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente la ejecución remota de código a través de vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/36669 http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.mozilla.org/security/announce/2010&#x •
CVSS: 10.0EPSS: 69%CPEs: 104EXPL: 0CVE-2009-3070 – Firefox 3.5 3.0.14 browser engine crashes
https://notcve.org/view.php?id=CVE-2009-3070
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades sin especificar en el motor del navegador de Mozilla Firefox en versiones anteriores a la v3.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o probablemente ejecutar código de su elección a través de vectores de ataque desconocidos. • http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-47.html http://www.novell.com/linux/security/advisories/2009_48_firefox.html http://www.redhat.com/support/errata/RHSA-2009-1430.html http://www.securityfocus.com/bid/36343 https://bugzilla.mozilla.org/show_bug.cgi?id=430569 https: •
CVSS: 9.3EPSS: 24%CPEs: 107EXPL: 0CVE-2009-3077 – Mozilla Firefox TreeColumns Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2009-3077
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." Mozilla Firefox en versiones anteriores a la v3.0.14 y las versiones v3.5.x anteriores a v3.5.3, no gestiona apropiadamente los punteros para las columnas (también conocido como "TreeColumns") de un elemento de árbol XUL, lo que permite a atacantes remotos ejecutar código de su elección a través de un documento HTML modificado. Vulnerabilidad relacionada con la "dangling pointer vulnerability" (vulnerabiliad de puntero colgado). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the redrawing of tree columns contained within a XUL document. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/36669 http://secunia.com/advisories/36670 http://secunia.com/advisories/36671 http://secunia.com/advisories/36692 http://secunia.com/advisories/37098 http://secunia.com/advisories/38977 http://secunia.com/advisories/39001 http://www.debian.org/security/2009/dsa-1885 http://www.mozilla.org/security/announce/2009/mfsa2009-49.html http://www.novell.com/linux/security/advisories& • CWE-94: Improper Control of Generation of Code ('Code Injection') •