CVSS: 9.8EPSS: 4%CPEs: 51EXPL: 0CVE-2009-3389 – Gentoo Linux Security Advisory 201312-04
https://notcve.org/view.php?id=CVE-2009-3389
17 Dec 2009 — Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. Un desbordamiento de entero en libtheora en Xiph.Org Theora antes de v1.1, tal como se utiliza en Mozilla Firefox v3.5 antes de v3.5.6 y SeaMonkey antes de v2.0.1, permite a atacantes remotos causar una denegación de servicio (mediante ... • http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 61%CPEs: 56EXPL: 1CVE-2009-3373 – Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3373
29 Oct 2009 — Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en el parseador de imágenes GIF en Mozilla Firefox anteriores a v3.0.15 y v3.5.x anteriores a v3.5.4, y SeaMonkey anteriores a v2.0, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://www.exploit-db.com/exploits/33313 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 1%CPEs: 52EXPL: 0CVE-2009-3376 – Firefox download filename spoofing with RTL override
https://notcve.org/view.php?id=CVE-2009-3376
29 Oct 2009 — Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. Mozilla Firefox anteriores a v3.0.15 y v3.5.x anteriores a v3.5.4, y SeaMonkey anteriores a v2.0, no maneja adecuadamente una anulación de carácter Unicode "rig... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-16: Configuration •
CVSS: 9.8EPSS: 8%CPEs: 52EXPL: 0CVE-2009-3372 – Firefox crash in proxy auto-configuration regexp parsing
https://notcve.org/view.php?id=CVE-2009-3372
29 Oct 2009 — Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. Mozilla Firefox anteriores a v3.0.15 y v3.5.x anteriores a v3.5.4, y SeaMonkey anteriores a v2.0, permite a atacantes remotos ejecutar código arbitrario a través de un expresión regular manipulada en un fichero de autoconfiguración de proxy. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 •
CVSS: 5.3EPSS: 0%CPEs: 79EXPL: 0CVE-2008-6961
https://notcve.org/view.php?id=CVE-2008-6961
13 Aug 2009 — mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. mailnews en Mozilla Thunderbird anteriores a v2.0.0.18 y SeaMonkey anteriores a v1.1.13, cuando JavaScript es habilita en correo electrónico, permite a los atacantes remotos obtener información sensible acerca de... • http://secunia.com/advisories/32714 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-2408 – firefox/nss: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2009-2408
30 Jul 2009 — Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v... • http://isc.sans.org/diary.html?storyid=7003 • CWE-295: Improper Certificate Validation •
CVSS: 10.0EPSS: 48%CPEs: 117EXPL: 1CVE-2009-2464 – Mozilla Firefox 3.0.11 and Thunderbird 2.0.9 - RDF File Handling Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2009-2464
22 Jul 2009 — The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. El nsXULTemplateQueryProcessorRDF::CheckIsSeparator function en Mozilla Firefox anteriores a v3.0.12, SeaMonkey v2.0a1pre, y Thunderbird permite a atacantes remotos causar una d... • https://www.exploit-db.com/exploits/33101 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 185EXPL: 2CVE-2009-2535 – Multiple Browsers - Denial of Service
https://notcve.org/view.php?id=CVE-2009-2535
20 Jul 2009 — Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Mozilla Firefox anteriores a v2.0.0.19 y v3.x anteriores a v3.0.5, SeaMonkey y Thunderbird permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero gran... • https://www.exploit-db.com/exploits/9160 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 9%CPEs: 108EXPL: 0CVE-2009-2210 – Thunderbird mail crash
https://notcve.org/view.php?id=CVE-2009-2210
25 Jun 2009 — Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. Mozilla Thunderbird en versiones anteriores a la 2.0.0.22 y SeaMonkey en versiones anteriores a la 1.1.17 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecu... • http://secunia.com/advisories/35561 •
CVSS: 6.5EPSS: 20%CPEs: 132EXPL: 2CVE-2009-1834 – Mozilla Firefox 3.0.10 / SeaMonkey 1.1.16 - Address Bar URI Spoofing
https://notcve.org/view.php?id=CVE-2009-1834
12 Jun 2009 — Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. Vulnerabilidad de truncado visual en netwerk/dns/src/nsIDNService.cpp en Mozilla Firefox anterior a v3.0.11 y SeaMonkey anterior a v1.1.17 permite a atacantes remotos sustituir la barra de direccione... • https://www.exploit-db.com/exploits/33039 • CWE-20: Improper Input Validation •