Page 82 of 586 results (0.029 seconds)

CVSS: 9.3EPSS: 11%CPEs: 212EXPL: 0

Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. Vulnerabilidad de uso después de la liberación en la función nsTreeSelection en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 podría permitir a atacantes remotos ejecutar código arbitrario a través de vectores que implican la selección de árboles XUL, relacionado con "una vulnerabilidad de puntero colgado". NOTA: este problema existe debido a una corrección incompleta para CVE-2010-2753. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100110210 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http:/&#x • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 42%CPEs: 212EXPL: 0

The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability." La función nsTreeContentView en Mozilla Firefox v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 no maneja correctamente la eliminación de nodos en Árboles XUL, permitiendo a atacantes remotos ejecutar código arbitrario a través de vectores que implican el acceso a la memoria eliminada, relacionado con "vulnerabilidad de puntero colgado". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of a particular element within the XUL namespace. Due to a method for the element having the side effect of executing javascript, an attacker can provide their own javascript code which can be used to remove an object out from underneath the element's child hierarchy. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100110210 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http:/&#x • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 202EXPL: 0

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted function. La clase XPCSafeJSObjectWrapper en la implementación SafeJSObjectWrapper (también conocido como SJOW) en Mozilla Firefox anterior a v3.5.12, Thunderbird anterior a v3.0.7, y SeaMonkey anterior a v2.0.7 no restringe adecuadamente funciones de secuencias de comandos, permitiendo a atacantes remotos eludir la Same Origin Policy y llevar a cabo la ejecución de secuencias de comandos en sitios cruzados (XSS) mediante una función manipulada • http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://www.debian.org/security/2010/dsa-2106 http://www.mozilla.org/security/announce/2010/mfsa2010-60.html http://www.vupen.com/english/advisories/2010/2323 https://bugzilla.mozilla.org/show_bug.cgi?id=585284 https://exchange.xforce.ibmcloud.com/vulnerabilities/61665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 7%CPEs: 212EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de navegación de Mozilla Firefox v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100110210 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http:/&#x •

CVSS: 5.1EPSS: 0%CPEs: 212EXPL: 0

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox anterior a v3.5.12 y v3.6.x anterior a v3.6.9, Thunderbird anterior a v3.0.7 y v3.1.x anterior a v3.1.3, y SeaMonkey anterior a v2.0.7 permite a atacantes remotos ayudados por el usuario para inyectar web script o HTML a través de una selección que se agrega a un documento en el que se habilita la propiedad designMode. • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047282.html http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://secunia.com/advisories/42867 http://support.avaya.com/css/P8/documents/100112690 http://www.debian.org/security/2010/dsa-2106 http://www.mandriva.com/security/advisories?name=MDVSA-2010:173 http://www.mozilla.org/security/announce/2010/mfsa2010-62.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •