CVSS: 10.0EPSS: 27%CPEs: 163EXPL: 0CVE-2011-0074 – Mozilla crash from several marquee elements (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0074
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, y CVE-2011-0078. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/ •
CVSS: 5.1EPSS: 1%CPEs: 251EXPL: 1CVE-2011-0071 – Mozilla directory traversal via resource protocol (MFSA 2011-16)
https://notcve.org/view.php?id=CVE-2011-0071
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. Vulnerabilidad de salto de directorio en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10, y SeaMonkey anterior a v2.0.14 en Windows permite a atacantes remotos determinar la existencia de ficheros arbitrarios, y posiblemente cargar recursos mediante vectores que comprenden un recurso: URL. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-16.html https://bugzilla.mozilla.org/show_bug.cgi?id=624764 https://oval.cisecurity.org/repository/search/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 59%CPEs: 163EXPL: 0CVE-2011-0080 – Mozilla memory safety issue (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0080
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Multiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v.3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/ •
CVSS: 10.0EPSS: 18%CPEs: 176EXPL: 1CVE-2011-0070 – Mozilla double free flaw (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0070
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.1; Thunderbird anterior a v3.1.10; y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0069. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus. •
CVSS: 10.0EPSS: 96%CPEs: 164EXPL: 3CVE-2011-0073 – Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0073
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, no utiliza correctamente las estructuras de datos nsTreeRange, permitiendo a atacantes remotos ejecutar código arbitrario a través de vectores no especificados produciendo un "dangling pointer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles user defined functions of a nsTreeSelection element. When executing the function invalidateSelection it is possible to free the nsTreeSelection object that the function operates on. • https://www.exploit-db.com/exploits/17419 https://www.exploit-db.com/exploits/17520 http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://securityreason.com/securityalert/8310 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce& • CWE-20: Improper Input Validation •