CVSS: 6.1EPSS: 1%CPEs: 67EXPL: 0CVE-2010-0162 – Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)
https://notcve.org/view.php?id=CVE-2010-0162
21 Feb 2010 — Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. Mozilla Firefox v3.0.x anteriores v3.0.18 y v3.5.x anteriores v3.5.8, y SeaMonkey before v2.0.3,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 1%CPEs: 71EXPL: 1CVE-2010-0654 – firefox: cross-domain information disclosure
https://notcve.org/view.php?id=CVE-2010-0654
18 Feb 2010 — Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote attackers to obtain sensitive information via a crafted document. Mozilla Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0... • http://code.google.com/p/chromium/issues/detail?id=9877 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 156EXPL: 0CVE-2009-3986 – Mozilla Chrome privilege escalation via window.opener
https://notcve.org/view.php?id=CVE-2009-3986
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos ejecutar código JavaScript arbitrario con privilegios al aprovechar una referencia a una ventana de chrome desd... • http://secunia.com/advisories/37699 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 1%CPEs: 156EXPL: 0CVE-2009-3985 – Mozilla URL spoofing via invalid document.location
https://notcve.org/view.php?id=CVE-2009-3985
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos asociar contenido falsificado con una URL inválida estableciendo el ... • http://secunia.com/advisories/37699 •
CVSS: 6.8EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3984 – Mozilla SSL spoofing with document.location and empty SSL response page
https://notcve.org/view.php?id=CVE-2009-3984
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite a atacantes remotos suplantar un indicador de SSL para una URL o fichero HTTP URL estableciendo... • http://secunia.com/advisories/37699 •
CVSS: 9.3EPSS: 1%CPEs: 51EXPL: 0CVE-2009-3388
https://notcve.org/view.php?id=CVE-2009-3388
17 Dec 2009 — liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." liboggplay en Mozilla Firefox v3.5.x antes de v3.5.6 y SeaMonkey antes de v2.0.1 podría permitir a atacantes dependientes de contexto causar una denegación de servicio (por caída de la aplicación) o ejecutar código arbitrario a través de vectores no especificad... • http://secunia.com/advisories/37699 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 52EXPL: 0CVE-2009-3980
https://notcve.org/view.php?id=CVE-2009-3980
17 Dec 2009 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x antes de v3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permiten a atacantes remotos provocar una denegación de servicio (por c... • http://secunia.com/advisories/37699 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 157EXPL: 0CVE-2009-3983 – Mozilla NTLM reflection vulnerability
https://notcve.org/view.php?id=CVE-2009-3983
17 Dec 2009 — Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. Mozilla Firefox en versiones anteriores a v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, permite enviar solicitudes autenticadas a aplicaciones arbitrarias a atacantes remotos respondiendo a las credenciales NTLM de un usuario del navegador. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html •
CVSS: 7.8EPSS: 0%CPEs: 156EXPL: 0CVE-2009-3987
https://notcve.org/view.php?id=CVE-2009-3987
17 Dec 2009 — The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. La función GeckoActiveXObject en Mozilla Firefox antes de v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonk... • http://secunia.com/advisories/37699 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 5%CPEs: 152EXPL: 0CVE-2009-3981 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-3981
17 Dec 2009 — Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox antes de v3.0.16, SeaMonkey antes de v2.0.1 y Thunderbird permite a atacantes remotos provocar una denegación de servicio (mediante corrupción de la memoria y bloq... • http://secunia.com/advisories/37699 •