CVSS: 6.8 | EPSS: 0% | CPEs: 157 | EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.

• http://downloads.avaya.com/css/P8/documents/100133195
• http://support.avaya.com/css/P8/documents/100128655
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
• http://www.mozilla.org/security/announce/2011/mfsa2011-10.html
• http://www.redhat.com/support/errata/RHSA-2011-0313.html
• http://www.securityfocus.com/bid/46652
• https://bugzilla.mozilla.org/show_bug.cgi?id=573873
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473
• https://acce

• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 | EPSS: 19% | CPEs: 157 | EXPL: 0

Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.

• http://downloads.avaya.com/css/P8/documents/100133195
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
• http://www.mozilla.org/security/announce/2011/mfsa2011-04.html
• http://www.securityfocus.com/bid/46648
• https://bugzilla.mozilla.org/show_bug.cgi?id=615657
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14018
• https://access.redhat.com/security/cve/CVE-2011-0054
• https://bugzilla.redhat.com/show_bug.cgi?id=675091

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.8 | EPSS: 2% | CPEs: 157 | EXPL: 0

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.

• http://downloads.avaya.com/css/P8/documents/100133195
• http://support.avaya.com/css/P8/documents/100128655
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
• http://www.mozilla.org/security/announce/2011/mfsa2011-02.html
• http://www.redhat.com/support/errata/RHSA-2011-0312.html
• http://www.redhat.com/support/errata/RHSA-2011-0313.html
• https://bugzilla.mozilla.org/show_bug.cgi?id=616659
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1

• CWE-20: Improper Input Validation

CVSS: 10.0 | EPSS: 22% | CPEs: 160 | EXPL: 0

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.

• http://downloads.avaya.com/css/P8/documents/100133195
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
• http://www.mozilla.org/security/announce/2011/mfsa2011-07.html
• http://www.securityfocus.com/bid/46660
• https://bugzilla.mozilla.org/show_bug.cgi?id=607160
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254
• https://access.redhat.com/security/cve/CVE-2011-0058
• https://bugzilla.redhat.com/show_bug.cgi?id=675143

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.3 | EPSS: 8% | CPEs: 149 | EXPL: 0

Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.

• http://downloads.avaya.com/css/P8/documents/100133195
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:041
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:042
• http://www.mozilla.org/security/announce/2011/mfsa2011-09.html
• http://www.securityfocus.com/bid/46651
• https://bugzilla.mozilla.org/show_bug.cgi?id=610601
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486
• https://access.redhat.com/security/cve/CVE-2011-0061
• https:/

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer