CVE-2011-0073 – Mozilla Firefox nsTreeRange Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0073
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, no utiliza correctamente las estructuras de datos nsTreeRange, permitiendo a atacantes remotos ejecutar código arbitrario a través de vectores no especificados produciendo un "dangling pointer". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Firefox handles user defined functions of a nsTreeSelection element. When executing the function invalidateSelection it is possible to free the nsTreeSelection object that the function operates on. • https://www.exploit-db.com/exploits/17419 https://www.exploit-db.com/exploits/17520 http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://securityreason.com/securityalert/8310 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce& • CWE-20: Improper Input Validation •
CVE-2011-1712
https://notcve.org/view.php?id=CVE-2011-1712
The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function. La función txXPathNodeUtils::getXSLTId en los archivos txMozillaXPathTreeWalker.cpp y txStandaloneXPathTreeWalker.cpp en Mozilla Firefox anterior a versión 3.5.19, versiones 3.6.x anteriores a 3.6.17 y versiones 4.x anteriores a 4.0.1, y SeaMonkey anterior a versión 2.0.14, permite a los atacantes remotos obtener información potencialmente confidencial sobre las direcciones de memoria de la pila por medio de un documento XML que contiene una llamada a la función XSLT generate-id XPath. • http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html http://www.mozilla.org/security/announce/2011/mfsa2011-18.html https://bugzilla.mozilla.org/show_bug.cgi?id=640339 https://exchange.xforce.ibmcloud.com/vulnerabilities/66836 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14467 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-1187
https://notcve.org/view.php?id=CVE-2011-1187
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Google Chrome en versiones anteriores a la 10.0.648.127 permite a atacantes remotos evitar la política de mismo origen ("Same Origin Policy") a través de vectores sin especificar. Relacionado con un "error message leak". • http://code.google.com/p/chromium/issues/detail?id=69187 http://googlechromereleases.blogspot.com/2011/03/chrome-stable-release.html http://secunia.com/advisories/48972 http://secunia.com/advisories/49047 http://secunia.com/advisories/49055 http://www.mozilla.org/security/announce/2012/mfsa2012-32.html http://www.securityfocus.com/bid/46785 http://www.vupen.com/english/advisories/2011/0628 https://bugzilla.mozilla.org/show_bug.cgi?id=624621 https://exchange.xforce.ibmcloud.com/v • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-0053 – Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
https://notcve.org/view.php?id=CVE-2011-0053
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, Thunderbird antes de v3.1.8 y SeaMonkey antes de v2.0.12 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://downloads.avaya.com/css/P8/documents/100133195 http://support.avaya.com/css/P8/documents/100128655 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-01.html http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html http://www.securityfocus.com/bid/46645 https://bugzilla.mozilla.org/show_bug.cgi?id=558531 https://bugzilla.mozilla.org/show_bug.cg •
CVE-2011-0061 – Mozilla crash caused by corrupted JPEG image (MFSA 2011-09)
https://notcve.org/view.php?id=CVE-2011-0061
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Desbordamiento de buffer en Mozilla Firefox 3.6.x anteriores a la versión 3.6.14, Thunderbird en versiones anteriores a la 3.1.8 y SeaMonkey anteriores a 2.0.12. Pueden permitir a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de una imagen JPEG modificada. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-09.html http://www.securityfocus.com/bid/46651 https://bugzilla.mozilla.org/show_bug.cgi?id=610601 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486 https://access.redhat.com/security/cve/CVE-2011-0061 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •