Page 82 of 691 results (0.020 seconds)

CVSS: 9.3EPSS: 84%CPEs: 221EXPL: 1

CVE-2010-3179 – Mozilla Firefox SeaMonkey 3.6.10 / Thunderbird 3.1.4 - 'document.write' Memory Corruption

https://notcve.org/view.php?id=CVE-2010-3179

Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. Un desbordamiento de búfer basado en pila en la funcionalidad text-rendering en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de argumentos largos en el método document.write. • https://www.exploit-db.com/exploits/34881 http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.9EPSS: 0%CPEs: 221EXPL: 0

CVE-2010-3182 – Mozilla unsafe library loading flaw

https://notcve.org/view.php?id=CVE-2010-3182

A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Una secuencia de comandos de ciertas aplicaciones que ejecutan Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y 3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 en Linux coloca un nombre de directorio de longitud cero en LD_LIBRARY_PATH, que permite a usuarios locales conseguir privilegios a través de una biblioteca compartida (caballo de Troya) en el directorio de trabajo actual. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-20 •

CVSS: 5.8EPSS: 0%CPEs: 221EXPL: 0

CVE-2010-3178 – Mozilla cross-site information disclosure via modal calls

https://notcve.org/view.php?id=CVE-2010-3178

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9 no manejan adecuadamente algunas llamadas modales hechas por javascript: en circunstancias relacionadas con la apertura de URLs en nuevas ventanas y navegación entre dominios, permite a atacantes remotos evitar la "Same Origin Policy" mediante un documento HTML manipulado. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050077.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050154.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2124 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-2010:2 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 221EXPL: 0

CVE-2010-3173 – NSS: insecure Diffie-Hellman key exchange

https://notcve.org/view.php?id=CVE-2010-3173

The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La implementación de SSL en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9, no establecen adecuadamente el tamaño mínimo de llave para el modo Diffie-Hellman Ephemeral (DHE), lo que hace más fácil a los atacantes remotos vencer los mecanismos de protección criptográfica a través de ataques de fuerza bruta. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://secunia.com/advisories/41839 http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2123 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mandriva.com/security/advisories?name=MDVSA-2010:211 http://www.mozilla.org/security/announce/2010/mfsa2010-72.h • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 221EXPL: 0

CVE-2010-3170 – firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely

https://notcve.org/view.php?id=CVE-2010-3170

Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey anterior a v2.0.9, reconoce una dirección IP comodín (wildcard) en el campo Common Name del asunto en un certificado X.509, esto podría permitir un ataque de hombre-en-medio (man-in-the-middle o MITM) para falsear servidores SSL de su elección a través de un certificado manipuado enviado por una Autoridad de Certificación (CA) legítima. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html http://secunia.com/advisories/41839 http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100114250 http://support.avaya.com/css/P8/documents/100120156 http://www.debian.org/security/2010/dsa-2123 http://www.mandriva.com/security/advisories?name=MDVSA-2010:210 http://www.mozilla.org/security/announce/2010/mfsa2 • CWE-310: Cryptographic Issues •