CVE-2010-1199 – Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-1199
Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Desbordamiento de enteros en la implementación del nodo de ordenación XSLT en Mozilla Firefox v3.5.x anterior v3.5.10 y v3.6.x anterior v3.6.4, Thunderbird anterior v3.0.5, y SeaMonkey anterior v2.0.5 permite a atacantes remotos ejecutar código de su elección a través de un valor de texto largo para el nodo. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or otherwise render a malicious file. The specific flaw exists within a particular XSLT transformation when applied to an XML document. If a large number of elements have this transformation applied to them, the application will misallocate a buffer. • https://www.exploit-db.com/exploits/34192 https://www.exploit-db.com/exploits/14949 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html http://secunia.com/advisories/40323 http://secunia.com/advisories/40326 http://secunia.com/advisories/40401 http://secunia.com/advisories/40481 http://support.avaya.com/css& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2010-1585 – javascript: URLs in chrome documents (MFSA 2011-08)
https://notcve.org/view.php?id=CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. El método nsIScriptableUnescapeHTML.parseFragment en el mecanismo de protección ParanoidFragmentSink en Mozilla Firefox en versiones anteriores a 3.5.17 y 3.6.x en versiones anteriores a 3.6.14, Thunderbird en versiones anteriores a 3.1.8 y SeaMonkey en versiones anteriores a 2.0.12 no desinfecta adecuadamente HTML en un documento chrome, lo que hace más fácil a atacantes remotos ejecutar JavaScript arbitrario con privilegios de chrome a través de un javascript: URI en entrada a una extensión, como se demuestra por una secuencia javascript:alert en el atributo (1) HREF de un elemento A o el atributo (2) ACTION de un elemento FORM. • http://downloads.avaya.com/css/P8/documents/100133195 http://wizzrss.blat.co.za/2009/11/17/so-much-for-nsiscriptableunescapehtmlparsefragment http://www.mandriva.com/security/advisories?name=MDVSA-2011:041 http://www.mandriva.com/security/advisories?name=MDVSA-2011:042 http://www.mozilla.org/security/announce/2011/mfsa2011-08.html http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf http://www.securityfocus.com/archive/1/510883/100/0/threaded https://bug • CWE-20: Improper Input Validation •
CVE-2010-0178 – Firefox Chrome privilege escalation via forced URL drag and drop
https://notcve.org/view.php?id=CVE-2010-0178
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading a chrome: URL and then loading a javascript: URL. Mozilla Firefox anteriores a v3.0.19, 3.5.x anteriores a v3.5.9, y v3.6.x anteriores a v3.6.2, y SeaMonkey anteriores a v2.0.4, no impide que los applets interpreten los clicks del ratón como acciones drag-and-drop, lo que permite a atacantes remotos ejecutar JavaScript arbitrario con privilegios chrome mediante la carga de un chrome: URL cuando se carga un JavaScript : URL. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39136 http://secunia.com/advisories/39240 http://secunia.com/advisories/39243 http://secunia.com/advisories/39308 http://secunia.com/advisories/39397 http://securitytracker.com/id?1023776 http://ubuntu.com/usn/usn-921-1 http://www.debian.org/security/2010/dsa-2027 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/201 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0179 – Firefox Arbitrary code execution with Firebug XMLHttpRequestSpy
https://notcve.org/view.php?id=CVE-2010-0179
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. Mozilla Firefox anteriores a v3.0.19 y v3.5.x anteriores a v3.5.8, y SeaMonkey anteriores a v2.0.3, cuando se utiliza el modulo XMLHttpRequestSpy en el complemento Firebug, no gestiona adecuadamente la interacción entre el objeto XMLHttpRequestSpy y los objetos con privilegios chrome, lo que permite a atacantes remotos ejecutar JavaScript de forma arbitraria a través de peticiones HTTP manipuladas. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00002.html http://secunia.com/advisories/3924 http://secunia.com/advisories/39243 http://secunia.com/advisories/39308 http://secunia.com/advisories/39397 http://secunia.com/advisories/42818 http://securitytracker.com/id?1023783 http://support.avaya.com/css/P8/documents/100124650 http://ubuntu.com/usn/usn-921-1 http://www.debian.org/security& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2010-0181
https://notcve.org/view.php?id=CVE-2010-0181
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many images. Mozilla Firefox anteriores a v3.5.9 y v3.6.x anteriores a v3.6.2, y SeaMonkey anteriores a v2.0.4, ejecuta la aplicación de correo en situaciones donde un elemento IMG tiene un atributo SRC que redirigido a una URL mailto:, lo que permite a atacantes remotos producir una denegación de servicio (lanzamiento de demasiadas aplicaciones) a través de un documento HTML con muchas imágenes. • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/39136 http://secunia.com/advisories/39397 http://ubuntu.com/usn/usn-921-1 http://websecurity.com.ua/4206 http://www.mandriva.com/security/advisories?name=MDVSA-2010:070 http://www.mozilla.org/security/announce/2010/mfsa2010-23.html http://www.securityfocus.com/archive/1/511327/100/0/threaded http://www.vupen.com/english/advisories/2010/0748 http://www.vupen.com/engl • CWE-20: Improper Input Validation •