CVSS: 9.3EPSS: 24%CPEs: 212EXPL: 4CVE-2010-3131 – Mozilla Firefox 3.6.8 - 'dwmapi.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3131
26 Aug 2010 — Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .htm, .html, .jtx, .mfp, or .eml file. Una vulnerabilidad de ruta de búsqueda no confiable en Firefox anterior a versión 3.5.12 y versiones 3.6.x an... • https://www.exploit-db.com/exploits/14730 •
CVSS: 5.4EPSS: 0%CPEs: 65EXPL: 1CVE-2010-2751 – Mozilla SSL spoofing with history.back() and history.forward()
https://notcve.org/view.php?id=CVE-2010-2751
30 Jul 2010 — The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests, a redirect, and the history.back and history.forward JavaScript functions. La función nsDocShell::OnRedirectStateChange de docshell/base/nsDocShell.cpp en Mozilla Firefox v3.5.x anteriores a v3.5.11 y v3.6.x anteriores a v3.6.7, y... • http://www.mozilla.org/security/announce/2010/mfsa2010-45.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 73EXPL: 0CVE-2010-1213 – Mozilla Cross-origin data disclosure via Web Workers and importScripts
https://notcve.org/view.php?id=CVE-2010-1213
30 Jul 2010 — The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. El método importScripts Web Worker en Mozilla Firefox v3.5.x anteriores a la v3.5.11 y v3.6.x anteriores a la v3.6.7, Thunderbird v3.0.x anteriores a l... • http://www.mozilla.org/security/announce/2010/mfsa2010-42.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 7%CPEs: 72EXPL: 0CVE-2010-1211 – Mozilla miscellaneous memory safety hazards
https://notcve.org/view.php?id=CVE-2010-1211
30 Jul 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Multiples vulnerabilidades sin especificar en el motor de navegación de Mozilla Firefox v3.5.x anteriores a la v3.5.11 y v3.6.x anteriores a la v3.6.7, Thunde... • http://www.mozilla.org/security/announce/2010/mfsa2010-34.html •
CVSS: 5.1EPSS: 0%CPEs: 72EXPL: 0CVE-2010-2754 – Mozilla Cross-origin data leakage from script filename in error messages
https://notcve.org/view.php?id=CVE-2010-2754
29 Jul 2010 — dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. dom/base/nsJSEnvironment.cpp en Mozilla Firefox v3.5.x anteriores a v3.5.1... • http://www.mozilla.org/security/announce/2010/mfsa2010-47.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 6%CPEs: 14EXPL: 1CVE-2010-2753 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2753
20 Jul 2010 — Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. Un desbordamiento de enteros en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0.6 y versiones 3.1.x anteriores a 3.1.1, y SeaMonkey a... • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVSS: 10.0EPSS: 66%CPEs: 3EXPL: 0CVE-2010-1208 – Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1208
20 Jul 2010 — Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. Una vulnerabilidad de uso de la memoria previamente liberada en la funcionalidad de clonación de atributos en la implementación DOM en Firefox versiones 3.5.x anteriores a 3.5.11 y versi... • http://www.mozilla.org/security/announce/2010/mfsa2010-35.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 8%CPEs: 65EXPL: 0CVE-2010-1209 – Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1209
20 Jul 2010 — Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. Una vulnerabilidad de uso de la memoria previamente liberada en la implementación de NodeIterator en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, y SeaMonk... • http://www.mozilla.org/security/announce/2010/mfsa2010-36.html • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 60%CPEs: 65EXPL: 2CVE-2010-1214 – Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1214
20 Jul 2010 — Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. Desbordamiento de entero en Mozilla Firefox v3.5.x anteriores a la v3.5.11 y v3.6.x anteriores a la v3.6.7, y SeaMonkey en versiones anteriores a la v2.0.6, permite a atacantes remotos ejecutar código de elección a través del "plugin content" con muchos elementos de parámetro. This vulnerability allows r... • https://www.exploit-db.com/exploits/34358 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 75%CPEs: 72EXPL: 1CVE-2010-2752 – Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2752
20 Jul 2010 — Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. Un desbordamiento de enteros en una clase de matriz en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones ... • https://www.exploit-db.com/exploits/15104 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •