CVSS: 9.3EPSS: 13%CPEs: 55EXPL: 0CVE-2010-0183
https://notcve.org/view.php?id=CVE-2010-0183
23 Jun 2010 — Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. Vulnerabilidad de uso después de la liberación (Use-after-free) en la función nsCycleCollector::MarkRoots en Mozilla Firefox v3.5.x anterior v3.5.10 y SeaMonkey anteior v2.0.5 permite a atacantes remotos ejecutar código de su elecció... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 20%CPEs: 100EXPL: 0CVE-2010-1196 – nsGenericDOMDataNode:: SetTextInternal
https://notcve.org/view.php?id=CVE-2010-1196
23 Jun 2010 — Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función GenericDOMDataNode::SetTextInternal en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterio... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 6.1EPSS: 0%CPEs: 58EXPL: 0CVE-2010-1197 – Content-Disposition: attachment ignored if Content-Type: multipart also present
https://notcve.org/view.php?id=CVE-2010-1197
23 Jun 2010 — Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, y SeaMonkey anterior v2.0.5, no maneja adecuadamente situaciones en que "Content-Disposition: attachment" y ... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 22%CPEs: 58EXPL: 0CVE-2010-1198 – Mozilla Freed object reuse across plugin instances
https://notcve.org/view.php?id=CVE-2010-1198
23 Jun 2010 — Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances. Vulnerabilidad de uso después de la liberación (Use-after-free) en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, y SeaMonkey anterior v2.0.5, permite a atacantes remotos ejecutar código de su elección a través de vectores involucrados en múltiples instancias plugin. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 7%CPEs: 100EXPL: 0CVE-2010-1200 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1200
23 Jun 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 9.3EPSS: 9%CPEs: 97EXPL: 1CVE-2010-1201
https://notcve.org/view.php?id=CVE-2010-1201
23 Jun 2010 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 9.3EPSS: 53%CPEs: 100EXPL: 0CVE-2010-1202 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1202
23 Jun 2010 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidad no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey permite a... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html •
CVSS: 10.0EPSS: 76%CPEs: 100EXPL: 3CVE-2010-1199 – Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1199
23 Jun 2010 — Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Desbordamiento de enteros en la implementación del nodo de ordenación XSLT en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su ele... • https://www.exploit-db.com/exploits/34192 • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 2%CPEs: 238EXPL: 1CVE-2010-1585 – javascript: URLs in chrome documents (MFSA 2011-08)
https://notcve.org/view.php?id=CVE-2010-1585
28 Apr 2010 — The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 4%CPEs: 206EXPL: 0CVE-2010-0173
https://notcve.org/view.php?id=CVE-2010-0173
05 Apr 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.9 y v3.6.x antes de v3.6.2, en Thunderbird antes de v3.0.4, y SeaMonkey antes de v2.0.4 per... • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html •