CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
References:
• https://www.exploit-db.com/exploits/14422
• https://github.com/mk219533/CVE-2010-1205
• http://blackberry.com/btsc/KB27244
• http://code.google.com/p/chromium/issues/detail?id=45983
• http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
• http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18
• http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
• http://lists.apple.com/archives/security-anno
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2010-0166 – Mozilla Firefox 3.6 - 'gfxTextRun::SanitizeGlyphRuns()' Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2010-0166
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.
References:
• https://www.exploit-db.com/exploits/33800
• http://www.mozilla.org/security/announce/2010/mfsa2010-11.html
• http://www.securityfocus.com/bid/38918
• http://www.securityfocus.com/bid/38943
• http://www.vupen.com/english/advisories/2010/0692
• https://bugzilla.mozilla.org/show_bug.cgi?id=538065
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14182
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-2934
https://notcve.org/view.php?id=CVE-2008-2934
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
References:
• http://secunia.com/advisories/31132
• http://secunia.com/advisories/31270
• http://secunia.com/advisories/34501
• http://securitytracker.com/id?1020516
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
• http://www.mozilla.org/security/announce/2008/mfsa2008-36.html
• http://www.securityfocus.com/bid/30266
• http://www.ubuntu.com/usn/usn-626-1
• http://www.vupen.com/english/advisories/2008/2125
• http://www.vupen.com/english/advisories/2009/0977
• https://bugzilla.mo
CWE-908: Use of Uninitialized Resource
CVE-2007-3073
https://notcve.org/view.php?id=CVE-2007-3073
Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.
References:
• http://ha.ckers.org/blog/20070516/read-firefox-settings-poc
• http://larholm.com/2007/05/25/firefox-0day-local-file-reading
• http://larholm.com/2007/06/04/unpatched-input-validation-flaw-in-firefox-2004
• http://osvdb.org/35920
• http://secunia.com/advisories/25481
• http://www.securityfocus.com/archive/1/470500/100/0/threaded
• https://bugzilla.mozilla.org/show_bug.cgi?id=367428
• https://bugzilla.mozilla.org/show_bug.cgi?id=380994