CVSS: 9.3EPSS: 6%CPEs: 100EXPL: 0CVE-2010-1200 – Mozilla Crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2010-1200
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de programa) o probablemente ejecutar código de su elección a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/ •
CVSS: 5.1EPSS: 0%CPEs: 58EXPL: 0CVE-2010-1197 – Content-Disposition: attachment ignored if Content-Type: multipart also present
https://notcve.org/view.php?id=CVE-2010-1197
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document. Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, y SeaMonkey anterior v2.0.5, no maneja adecuadamente situaciones en que "Content-Disposition: attachment" y "Content-Type: multipart" están presentes en las cabeceras HTTP, lo que permite a atacantse remotos conducir ataques de secuencias de comandos en sitios cruzados XSS a través de un documentos HTML cargado. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/security/advisories?name=MDVSA-2010:125 ht • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 13%CPEs: 55EXPL: 0CVE-2010-0183
https://notcve.org/view.php?id=CVE-2010-0183
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus. Vulnerabilidad de uso después de la liberación (Use-after-free) en la función nsCycleCollector::MarkRoots en Mozilla Firefox v3.5.x anterior v3.5.10 y SeaMonkey anteior v2.0.5 permite a atacantes remotos ejecutar código de su elección a través de un documento HTML manipulado, relacionado con el proceso de construcción inadecuado de un frame para menús. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40326 http://secunia.com/advisories/40481 http://www.mozilla.org/security/announce/2010/mfsa2010-27.html http://www.securityfocus.com/bid/41050 http://www.securitytracker.com/id?1024138 http://www.vupen.com/english/advisories/2010/ • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 13%CPEs: 100EXPL: 0CVE-2010-1196 – nsGenericDOMDataNode:: SetTextInternal
https://notcve.org/view.php?id=CVE-2010-1196
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función GenericDOMDataNode::SetTextInternal en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su elección a través de un nodo DOM con un valor de texto largo que provoca un desbordamiento de búfer basado en la memoria dinámica • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css/P8/documents/100091069 http://ubuntu.com/usn/usn-930-1 http://www.mandriva.com/ • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 6%CPEs: 97EXPL: 1CVE-2010-1201
https://notcve.org/view.php?id=CVE-2010-1201
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificados en el motor JavaScript en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de programa) o probablemente ejecutar código de su elección a través de vectores no especificados. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://ubuntu.com/usn/usn-930-1 http://www.mozilla.org/security/announce/2010/mfsa2010-26.html http://www.se •