CVSS: 5.1EPSS: 1%CPEs: 251EXPL: 1CVE-2011-0071 – Mozilla directory traversal via resource protocol (MFSA 2011-16)
https://notcve.org/view.php?id=CVE-2011-0071
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. Vulnerabilidad de salto de directorio en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10, y SeaMonkey anterior a v2.0.14 en Windows permite a atacantes remotos determinar la existencia de ficheros arbitrarios, y posiblemente cargar recursos mediante vectores que comprenden un recurso: URL. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-16.html https://bugzilla.mozilla.org/show_bug.cgi?id=624764 https://oval.cisecurity.org/repository/search/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.1EPSS: 0%CPEs: 164EXPL: 1CVE-2011-0067 – Mozilla untrusted events can trigger autocomplete popup (MFSA 2011-14)
https://notcve.org/view.php?id=CVE-2011-0067
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. Mozilla Firefox v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, no implementa adecuadamente el autocompletado de formularios, permitiendo a atacantes remotos leer las entradas del historial de formularios a través de un applet de Java que falsifica la interacción con los controles de autocompletado. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce/2011/mfsa2011-14.html https://bugzilla.mozilla.org/show_bug.cgi?id=527935 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14523 https://access.redhat • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 18%CPEs: 176EXPL: 1CVE-2011-0069 – Mozilla javascript crash (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0069
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.1; Thunderbird anterior a v3.1.10; y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0070. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus. •
CVSS: 10.0EPSS: 20%CPEs: 163EXPL: 0CVE-2011-0075 – Mozilla crash from bad iframe source (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0075
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, y CVE-2011 0078. • http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus.com/bid/47647 https& •
CVSS: 10.0EPSS: 59%CPEs: 163EXPL: 0CVE-2011-0080 – Mozilla memory safety issue (MFSA 2011-12)
https://notcve.org/view.php?id=CVE-2011-0080
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Multiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v.3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/ •