CVSS: 9.3EPSS: 37%CPEs: 212EXPL: 0CVE-2010-3166 – nsTextFrameUtils:: TransformText (MFSA 2010-53)
https://notcve.org/view.php?id=CVE-2010-3166
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run. Desbordamiento de búfer basado en memoria dinámica en la función nsTextFrameUtils::TransformText en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 podría permitir a atacantes remotos ejecutar código arbitrario a través de un recorrido de texto bidireccional. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100112690 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http://www.mozilla.org/security/announce/2010/mfsa2010-53.html http://www.securityfocus.com/bid/43102 http:/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 9.3EPSS: 23%CPEs: 212EXPL: 0CVE-2010-2767 – Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
https://notcve.org/view.php?id=CVE-2010-2767
The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a "dangling pointer vulnerability." La aplicación navigator.plugins en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 no controla correctamente la destrucción del plugin matriz DOM, lo que podría permitir a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o ejecutar código arbitrario a través de un acceso manipulado al navegador de objetos, relacionados con una vulnerabilidad "de puntero colgado". • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100110210 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http:/&#x • CWE-399: Resource Management Errors •
CVSS: 5.1EPSS: 0%CPEs: 212EXPL: 0CVE-2010-2768 – Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
https://notcve.org/view.php?id=CVE-2010-2768
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding. Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 no restringe adecuadamente el uso del atributo type de un elemento OBJECT para establecer un conjunto de caracteres del documento, lo que permite a atacantes remotos eludir mecanismos de protección de ejecución de secuencias de comandos (XSS) a través de codificación UTF-7. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100110210 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http:/&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 29%CPEs: 212EXPL: 0CVE-2010-2765 – Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
https://notcve.org/view.php?id=CVE-2010-2765
Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. Desbordamiento de entero en la implementación del elemento FRAMESET en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, SeaMonkey anterior a v2.0.7 podría permitir a atacantes remotos ejecutar código arbitrario a través de un gran número de valores en los atributos cols (también conocidos como columnas), dando lugar a un desbordamiento de búfer basado en memoria dinámica • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100110210 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http:/&#x • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 63%CPEs: 212EXPL: 0CVE-2010-2766 – Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2766
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object. La función normalizeDocument en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, SeaMonkey anterior a v2.0.7 no maneja correctamente la eliminación de nodos DOM durante la normalización, lo que podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores que impliquen el acceso a un objeto eliminado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the normalizeDocument function defined within nsDocument.cpp. When handling children nodes the code does not account for a varying number of children during normalization. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http://www.mozilla.org/security/announce/2010/mfsa2010-57.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •