CVSS: 10.0EPSS: 42%CPEs: 238EXPL: 0CVE-2011-0053 – Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
https://notcve.org/view.php?id=CVE-2011-0053
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, Thunderbird antes de v3.1.8 y SeaMonkey antes de v2.0.12 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores desconocidos. • http://downloads.avaya.com/css/P8/documents/100133195 http://support.avaya.com/css/P8/documents/100128655 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-01.html http://www.redhat.com/support/errata/RHSA-2011-0312.html http://www.redhat.com/support/errata/RHSA-2011-0313.html http://www.securityfocus.com/bid/46645 https://bugzilla.mozilla.org/show_bug.cgi?id=558531 https://bugzilla.mozilla.org/show_bug.cg •
CVSS: 9.3EPSS: 8%CPEs: 149EXPL: 0CVE-2011-0061 – Mozilla crash caused by corrupted JPEG image (MFSA 2011-09)
https://notcve.org/view.php?id=CVE-2011-0061
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Desbordamiento de buffer en Mozilla Firefox 3.6.x anteriores a la versión 3.6.14, Thunderbird en versiones anteriores a la 3.1.8 y SeaMonkey anteriores a 2.0.12. Pueden permitir a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de la aplicación) a través de una imagen JPEG modificada. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-09.html http://www.securityfocus.com/bid/46651 https://bugzilla.mozilla.org/show_bug.cgi?id=610601 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14486 https://access.redhat.com/security/cve/CVE-2011-0061 https:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 15%CPEs: 157EXPL: 0CVE-2011-0057 – Mozilla use-after-free error using Web Workers (MFSA 2011-06)
https://notcve.org/view.php?id=CVE-2011-0057
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection. Vulnerabilidad de uso después de liberación en la implementación de Web Workers para Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, y SeaMonkey antes de v2.0.12, permite a atacantes remotos ejecutar código arbitrario a través de vectores relacionados con un JavaScript Worker y con la recolección de basura. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mozilla.org/security/announce/2011/mfsa2011-06.html http://www.securityfocus.com/bid/46663 https://bugzilla.mozilla.org/show_bug.cgi?id=626631 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14200 https://access.redhat.com/security/cve/CVE-2011-0057 https://bugzilla.redhat.com/show_bug.cgi?id=675093 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 22%CPEs: 160EXPL: 0CVE-2011-0058 – Mozilla memory corruption during text run construction (MFSA 2011-07)
https://notcve.org/view.php?id=CVE-2011-0058
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run. Desbordamiento de búfer en Mozilla Firefox antes de v3.5.17 y en v3.6.x antes de v3.6.14, y SeaMonkey antes de v2.0.12, bajo Windows, permite a atacantes remotos ejecutar código arbitrario o causar una denegación de servicio (por corrupción de memoria) a través de una cadena demasiado larga que desencadena construcción de un texto largo. • http://downloads.avaya.com/css/P8/documents/100133195 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mozilla.org/security/announce/2011/mfsa2011-07.html http://www.securityfocus.com/bid/46660 https://bugzilla.mozilla.org/show_bug.cgi?id=607160 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14254 https://access.redhat.com/security/cve/CVE-2011-0058 https://bugzilla.redhat.com/show_bug.cgi?id=675143 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 157EXPL: 0CVE-2011-0059 – Mozilla CSRF risk with plugins and 307 redirects (MFSA 2011-10)
https://notcve.org/view.php?id=CVE-2011-0059
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Mozilla Firefox en versiones anteriores a la 3.5.17 y 3.6.x anteriores a la 3.6.14 y SeaMonkey anteriores a 2.0.12. Permite a atacantes remotos secuestrar ("hijack") la autenticación de usuarios arbitrarios para peticiones que fueron iniciadas por un complemento y reciben una redirección 307 a una página de un diferente sitio web. • http://downloads.avaya.com/css/P8/documents/100133195 http://support.avaya.com/css/P8/documents/100128655 http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mozilla.org/security/announce/2011/mfsa2011-10.html http://www.redhat.com/support/errata/RHSA-2011-0313.html http://www.securityfocus.com/bid/46652 https://bugzilla.mozilla.org/show_bug.cgi?id=573873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14473 https://acce • CWE-352: Cross-Site Request Forgery (CSRF) •