CVSS: 5.1EPSS: 0%CPEs: 73EXPL: 0CVE-2010-1213 – Mozilla Cross-origin data disclosure via Web Workers and importScripts
https://notcve.org/view.php?id=CVE-2010-1213
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document. El método importScripts Web Worker en Mozilla Firefox v3.5.x anteriores a la v3.5.11 y v3.6.x anteriores a la v3.6.7, Thunderbird v3.0.x anteriores a la v3.0.6 and v3.1.x anteriores a la v3.1.1, y SeaMonkey en versiones anteriores a la v2.0.6 no verifican que el contenido es código JavaScript válido, lo que permite a atacantes remotos evitar la política de mismo origen y obtener información confidencial a través de un documento HTML modificado. • http://www.mozilla.org/security/announce/2010/mfsa2010-42.html https://bugzilla.mozilla.org/show_bug.cgi?id=568148 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11835 https://access.redhat.com/security/cve/CVE-2010-1213 https://bugzilla.redhat.com/show_bug.cgi?id=615471 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 13%CPEs: 3EXPL: 0CVE-2010-1208 – Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1208
Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. Una vulnerabilidad de uso de la memoria previamente liberada en la funcionalidad de clonación de atributos en la implementación DOM en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones a 3.6.x anteriores a 3.6.7, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores relacionados a la eliminación de un nodo de atributo de evento con un conteo de referencia diferente de cero. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a workaround that was implemented in order to support recursive cloning of attribute nodes. If an event is added to the first attribute node, the application can be made to free the node, and then later access a reference to it. • http://www.mozilla.org/security/announce/2010/mfsa2010-35.html http://www.securityfocus.com/archive/1/512515 http://www.securityfocus.com/bid/41849 http://www.zerodayinitiative.com/advisories/ZDI-10-134 https://bugzilla.mozilla.org/show_bug.cgi?id=572986 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11740 https://access.redhat.com/security/cve/CVE-2010-1208 https://bugzilla.redhat.com/show_bug.cgi?id=615458 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 8%CPEs: 65EXPL: 0CVE-2010-1209 – Mozilla Firefox NodeIterator Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1209
Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. Una vulnerabilidad de uso de la memoria previamente liberada en la implementación de NodeIterator en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a los atacantes remotos ejecutar código arbitrario por medio de un NodeFilter especialmente diseñado que separa nodos DOM, relacionados con la interfaz NodeIterator y una devolución de llamada javascript. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the NodeIterator interface for traversal of the Document Object Model. Due to the implementation requiring a javascript callback, an attacker can utilize the callback in order to manipulate the contents of the page. • http://www.mozilla.org/security/announce/2010/mfsa2010-36.html http://www.securityfocus.com/archive/1/512511 http://www.securityfocus.com/bid/41845 http://www.zerodayinitiative.com/advisories/ZDI-10-130 https://bugzilla.mozilla.org/show_bug.cgi?id=552110 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11055 https://access.redhat.com/security/cve/CVE-2010-1209 https://bugzilla.redhat.com/show_bug.cgi?id=615459 • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 10.0EPSS: 13%CPEs: 14EXPL: 1CVE-2010-2753 – Mozilla Firefox nsTreeSelection Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-2753
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-free. Un desbordamiento de enteros en Firefox versiones 3.5.x anteriores a 3.5.11 y versiones 3.6.x anteriores a 3.6.7, Thunderbird versiones 3.0.x anteriores a 3.0.6 y versiones 3.1.x anteriores a 3.1.1, y SeaMonkey anterior a versión 2.0.6, de Mozilla, permite a atacantes remotos ejecutar código arbitrario por medio de un atributo de selección grande en un elemento del árbol XUL, lo que desencadena un uso de la memoria previamente liberada. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL <tree> element's "selection" attribute. There is an integer overflow when calculating the bounds of a new selection range. • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00002.html http://www.mozilla.org/security/announce/2010/mfsa2010-40.html http://www.securityfocus.com/archive/1/512510 http://www.securityfocus.com/bid/41853 http://www.zerodayinitiative.com/advisories/ZDI-10-131 https://bugzilla.mozilla.org/show_bug.cgi?id=571106 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10958 https://access.redhat.com/security/cve/CVE-2010-2753 https://bugzilla • CWE-190: Integer Overflow or Wraparound CWE-416: Use After Free •
CVSS: 10.0EPSS: 73%CPEs: 65EXPL: 2CVE-2010-1214 – Mozilla Firefox Plugin Parameter EnsureCachedAttrParamArrays Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1214
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements. Desbordamiento de entero en Mozilla Firefox v3.5.x anteriores a la v3.5.11 y v3.6.x anteriores a la v3.6.7, y SeaMonkey en versiones anteriores a la v2.0.6, permite a atacantes remotos ejecutar código de elección a través del "plugin content" con muchos elementos de parámetro. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browser's method for parsing child elements out of a particular tag. The application will use a 32-bit index to enumerate them, but will store it in a 16-bit signed integer and then use it to allocate space for a cache. • https://www.exploit-db.com/exploits/34358 https://www.exploit-db.com/exploits/15027 http://www.mozilla.org/security/announce/2010/mfsa2010-37.html https://bugzilla.mozilla.org/show_bug.cgi?id=572985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11685 https://access.redhat.com/security/cve/CVE-2010-1214 https://bugzilla.redhat.com/show_bug.cgi?id=615462 • CWE-189: Numeric Errors •