CVE-2011-2371 – Mozilla Firefox - 'Array.reduceRight()' Integer Overflow
https://notcve.org/view.php?id=CVE-2011-2371
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. Desbordamiento de enteros en el método Array.reduceRight en Mozilla Firefox antes de v3.6.18 y v4.x hasta 4.0.1, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14 permite a atacantes remotos ejecutar código arbitrario a través de vectores que implican un objeto array muy largo en javascript. • https://www.exploit-db.com/exploits/17976 https://www.exploit-db.com/exploits/18531 https://www.exploit-db.com/exploits/17974 http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://securityreason.com/securityalert/8472 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 h • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2011-2373 – Mozilla Use-after-free vulnerability when viewing XUL document with script disabled (MFSA 2011-20)
https://notcve.org/view.php?id=CVE-2011-2373
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. Vulnerabilidad use-after-free en Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, cuando JavaScript está deshabilitado, permite a atacantes remotos ejecutar código de su elección a través de un documento XUL manipulado. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-20.html h • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVE-2011-2362 – Mozilla Cookie isolation error (MFSA 2011-24)
https://notcve.org/view.php?id=CVE-2011-2362
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. Mozilla Firefox antes de la v3.6.18, Thunderbird antes de la v3.1.11, y SeaMonkey hasta la v2.0.14, no distinguen entre las cookies de dos nombres de dominio que difieran sólo en un punto final, lo que permite a los servidores Web remotos eludir la política del mismo origen (Same Origin Policy) a través de las cabeceras Set-Cookie. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-24.html h • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-2377 – Mozilla Crash caused by corrupted JPEG image (MFSA 2011-21)
https://notcve.org/view.php?id=CVE-2011-2377
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. Mozilla Firefox antes de v3.6.18 y v4.x hasta v4.0.1, Thunderbird antes de v3.1.11, y SeaMonkey hasta v2.0.14, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección a través de una imagen multipart/x-mixed-replace. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-21.html http://www.redhat.com/support/errata/RHSA-2011-0885.html http://www.redhat.com/support/errata/RHSA-2011-0886.html http://www.redhat.com/su • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-2363 – Mozilla Firefox SVGPointList.appendItem Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-2363
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. Vulnerabilidad de uso después de la liberación en la función nsSVGPointList::AppendElement en la implementación de listas de elementos SVG en Mozilla Firefox antes de v3.6.18, Thunderbird antes de v3.1.11 y Seamonkey hasta v2.0.14, permite a atacantes remotos producir una denegación de servicio (caída de aplicación) o posiblemente ejecutar código arbitrario mediante vectores que incluyen la llamada a user-supplied This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the code responsible for parsing SVG polygon objects. The code within nsSVGPointList::AppendElement() does not account for user defined getter methods modifying or destroying the parent object during a repaint. An attacker can abuse this flaw to create a dangling pointer which is referenced during the traversal of the SVG container hierarchy. • http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html http://secunia.com/advisories/45002 http://support.avaya.com/css/P8/documents/100144854 http://support.avaya.com/css/P8/documents/100145333 http://www.debian.org/security/2011/dsa-2268 http://www.debian.org/security/2011/dsa-2269 http://www.debian.org/security/2011/dsa-2273 http://www.mandriva.com/security/advisories?name=MDVSA-2011:111 http://www.mozilla.org/security/announce/2011/mfsa2011-23.html h • CWE-399: Resource Management Errors •