CVSS: 10.0EPSS: 8%CPEs: 65EXPL: 0CVE-2010-1209 – Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1209
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. Una vulnerabilidad de uso de la memoria previamente liberada en la implementación de NodeIterator en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a los atacantes remotos ejecutar código arbitrario por medio de un NodeFilter especialmente diseñado que separa nodos DOM, relacionados con la interfaz NodeIterator y una devolución de llamada javascript. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the NodeIterator interface for traversal of the Document Object Model. Due to the implementation requiring a javascript callback, an attacker can utilize the callback in order to manipulate the contents of the page. • http://www.mozilla.org/security/announce/2010/mfsa2010-36.html http://www.securityfocus.com/archive/1/512511 http://www.securityfocus.com/bid/41845 http://www.zerodayinitiative.com/advisories/ZDI-10-130 https://bugzilla.mozilla.org/show_bug.cgi?id=552110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11055 https://access.redhat.com/security/cve/CVE-2010-1209 https://bugzilla.redhat.com/show_bug.cgi?id=615459 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 79%CPEs: 72EXPL: 1CVE-2010-2752 – Mozilla Firefox CSS font-face Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2752
Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. Un desbordamiento de enteros en una clase de matriz en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0.6 y versiones 3.1.x anteriores a 3.1.1, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a los atacantes remotos ejecutar código arbitrario mediante la colocación de muchos valores de Cascading Style Sheets (CSS) en una matriz, relacionada con referencias a recursos de fuente externa y una inconsistencia entre enteros de 16 bits y 32 bits. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling of references to external font resources. A value is used as a 16 bit integer in an array allocation and later as 32 bit when iterating over and then populating these fields. • https://www.exploit-db.com/exploits/15104 http://www.mozilla.org/security/announce/2010/mfsa2010-39.html http://www.securityfocus.com/archive/1/512514 http://www.securityfocus.com/bid/41852 http://www.zerodayinitiative.com/advisories/ZDI-10-133 https://bugzilla.mozilla.org/show_bug.cgi?id=574059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11680 https://access.redhat.com/security/cve/CVE-2010-2752 https://bugzilla.redhat.com/show_bug.cgi? • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 73%CPEs: 65EXPL: 2CVE-2010-1214 – Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1214
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. Desbordamiento de entero en Mozilla Firefox v3.5.x anteriores a la v3.5.11 y v3.6.x anteriores a la v3.6.7, y SeaMonkey en versiones anteriores a la v2.0.6, permite a atacantes remotos ejecutar código de elección a través del "plugin content" con muchos elementos de parámetro. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browser's method for parsing child elements out of a particular tag. The application will use a 32-bit index to enumerate them, but will store it in a 16-bit signed integer and then use it to allocate space for a cache. • https://www.exploit-db.com/exploits/34358 https://www.exploit-db.com/exploits/15027 http://www.mozilla.org/security/announce/2010/mfsa2010-37.html https://bugzilla.mozilla.org/show_bug.cgi?id=572985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685 https://access.redhat.com/security/cve/CVE-2010-1214 https://bugzilla.redhat.com/show_bug.cgi?id=615462 • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 20%CPEs: 65EXPL: 2CVE-2010-1206 – Firefox: Spoofing attacks via vectors involving 'No Content' status code or via a windows.stop call
https://notcve.org/view.php?id=CVE-2010-1206
The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. La función startDocumentLoad en el archivo browser/base/content/browser.js en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, y SeaMonkey anterior a versión 2.0.6, de Mozilla, no implementa apropiadamente el Política del Mismo Origen en ciertas circunstancias relacionadas con el documento about:blank y un documento que se está cargando actualmente, lo que permite a (1) servidores web remotos conducir ataques de suplantación de identidad por medio de vectores que involucran un código de estado 204 (también se conoce como Sin Contenido), y permite a (2) atacantes remotos dirigir ataques de falsificación de identidad por medio de vectores que involucran una llamada a window.stop. • http://hg.mozilla.org/mozilla-central/rev/cadddabb1178 http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html http://secunia.com/advisories/40283 http://www.mozilla.org/security/announce/2010/mfsa2010-45.html https://bugzilla.mozilla.org/show_bug.cgi?id=556957 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8248 https://access.redhat.com/security/cve/CVE-2010-1206 https://bugzilla.redhat.com/show_bug.cgi?id=608763 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 2%CPEs: 238EXPL: 1CVE-2010-1585 – javascript: URLs in chrome documents (MFSA 2011-08)
https://notcve.org/view.php?id=CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. El método nsIScriptableUnescapeHTML.parseFragment en el mecanismo de protección ParanoidFragmentSink en Mozilla Firefox en versiones anteriores a 3.5.17 y 3.6.x en versiones anteriores a 3.6.14, Thunderbird en versiones anteriores a 3.1.8 y SeaMonkey en versiones anteriores a 2.0.12 no desinfecta adecuadamente HTML en un documento chrome, lo que hace más fácil a atacantes remotos ejecutar JavaScript arbitrario con privilegios de chrome a través de un javascript: URI en entrada a una extensión, como se demuestra por una secuencia javascript:alert en el atributo (1) HREF de un elemento A o el atributo (2) ACTION de un elemento FORM. • http://downloads.avaya.com/css/P8/documents/100133195 http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-08.html http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf http://www.securityfocus.com/archive/1/510883/100/0/threaded https://bug • CWE-20: Improper Input Validation •