CVSS: 9.3EPSS: 2%CPEs: 238EXPL: 1CVE-2010-1585 – javascript: URLs in chrome documents (MFSA 2011-08)
https://notcve.org/view.php?id=CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. El método nsIScriptableUnescapeHTML.parseFragment en el mecanismo de protección ParanoidFragmentSink en Mozilla Firefox en versiones anteriores a 3.5.17 y 3.6.x en versiones anteriores a 3.6.14, Thunderbird en versiones anteriores a 3.1.8 y SeaMonkey en versiones anteriores a 2.0.12 no desinfecta adecuadamente HTML en un documento chrome, lo que hace más fácil a atacantes remotos ejecutar JavaScript arbitrario con privilegios de chrome a través de un javascript: URI en entrada a una extensión, como se demuestra por una secuencia javascript:alert en el atributo (1) HREF de un elemento A o el atributo (2) ACTION de un elemento FORM. • http://downloads.avaya.com/css/P8/documents/100133195 http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-08.html http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf http://www.securityfocus.com/archive/1/510883/100/0/threaded https://bug • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 29%CPEs: 144EXPL: 0CVE-2010-0181
https://notcve.org/view.php?id=CVE-2010-0181
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. Mozilla Firefox anteriores a v3.5.9 y v3.6.x anteriores a v3.6.2, y SeaMonkey anteriores a v2.0.4, ejecuta la aplicación de correo en situaciones donde un elemento IMG tiene un atributo SRC que redirigido a una URL mailto:, lo que permite a atacantes remotos producir una denegación de servicio (lanzamiento de demasiadas aplicaciones) a través de un documento HTML con muchas imágenes. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39136 http://secunia.com/advisories/39397 http://ubuntu.com/usn/usn-921-1 http://websecurity.com.ua/4206 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-23.html http://www.securityfocus.com/archive/1/511327/100/0/threaded http://www.vupen.com/english/advisories/2010/0748 http://www.vupen.com/engl • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 2%CPEs: 144EXPL: 0CVE-2010-0178 – Firefox Chrome privilege escalation via forced URL drag and drop
https://notcve.org/view.php?id=CVE-2010-0178
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. Mozilla Firefox anteriores a v3.0.19, 3.5.x anteriores a v3.5.9, y v3.6.x anteriores a v3.6.2, y SeaMonkey anteriores a v2.0.4, no impide que los applets interpreten los clicks del ratón como acciones drag-and-drop, lo que permite a atacantes remotos ejecutar JavaScript arbitrario con privilegios chrome mediante la carga de un chrome: URL cuando se carga un JavaScript : URL. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39136 http://secunia.com/advisories/39240 http://secunia.com/advisories/39243 http://secunia.com/advisories/39308 http://secunia.com/advisories/39397 http://securitytracker.com/id?1023776 http://ubuntu.com/usn/usn-921-1 http://www.debian.org/security/2010/dsa-2027 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/201 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 7%CPEs: 206EXPL: 0CVE-2010-0173
https://notcve.org/view.php?id=CVE-2010-0173
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.9 y v3.6.x antes de v3.6.2, en Thunderbird antes de v3.0.4, y SeaMonkey antes de v2.0.4 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y la aplicación de choque ) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39136 http://secunia.com/advisories/39204 http://secunia.com/advisories/39242 http://secunia.com/advisories/39243 http://secunia.com/advisories/39397 http://securitytracker.com/id?1023775 http://securitytracker.com/id?1023781 http:&#x •
CVSS: 5.1EPSS: 1%CPEs: 203EXPL: 0CVE-2010-0179 – Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy
https://notcve.org/view.php?id=CVE-2010-0179
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. Mozilla Firefox anteriores a v3.0.19 y v3.5.x anteriores a v3.5.8, y SeaMonkey anteriores a v2.0.3, cuando se utiliza el modulo XMLHttpRequestSpy en el complemento Firebug, no gestiona adecuadamente la interacción entre el objeto XMLHttpRequestSpy y los objetos con privilegios chrome, lo que permite a atacantes remotos ejecutar JavaScript de forma arbitraria a través de peticiones HTTP manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://secunia.com/advisories/3924 http://secunia.com/advisories/39243 http://secunia.com/advisories/39308 http://secunia.com/advisories/39397 http://secunia.com/advisories/42818 http://securitytracker.com/id?1023783 http://support.avaya.com/css/P8/documents/100124650 http://ubuntu.com/usn/usn-921-1 http://www.debian.org/security& • CWE-94: Improper Control of Generation of Code ('Code Injection') •