CVE-2010-0177 – Mozilla Firefox PluginArray nsMimeType Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0177
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to a "dangling pointer vulnerability."

The window.navigator.plugins object in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not properly manage memory during a page reload, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger deletion of referenced objects, related to a "dangling pointer vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that a user must be coerced into viewing a malicious document. The specific flaw exists within the way the application implements the window.navigator.plugins array. Because the application frees the contents of the array while a reference to one of the elements is still in use, an attacker can use the freed reference to call arbitrary code.

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/38566
http://secunia.com/advisories/39117
http://secunia.com/advisories/39136
http://secunia.com/advisories/39240
http://secunia.com/advisories/39243
http://secunia.com/advisories/39308
http://secunia.com/advisories/39397
http://securitytracker.com/id?1023776
http://ubuntu.com/usn/usn-921-1
http://www.debian.org/security/2010/dsa-2027
http://www.mandriva.com/security

CWE-399: Resource Management Errors

CVE-2010-0176 – Mozilla Firefox nsTreeContentView Dangling Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0176
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors that trigger access to deleted elements, related to a "dangling pointer vulnerability."

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within the way that Mozilla's Firefox parses .XUL files. While appending a particular tag to a treechildren container, the application will create more than one reference to a particular element without increasing its reference count.

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/38566
http://secunia.com/advisories/39117
http://secunia.com/advisories/39136
http://secunia.com/advisories/39204
http://secunia.com/advisories/39240
http:

CWE-399: Resource Management Errors

CVE-2010-0175 – Mozilla Firefox nsTreeSelection EventListener Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0175
Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors that trigger a call to the handler for the select event for XUL tree items.

This vulnerability allows remote attackers to execute arbitrary code on software utilizing a vulnerable version of Mozilla's Firefox. User interaction is required in that the victim must visit a malicious website or be coerced into opening a malicious document. The specific flaw exists within how the application handles particular events for an nsTreeSelection element. Upon execution of a "select" event, the application will access an element without checking whether it has previously been freed.

http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038367.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038378.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/038406.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/38566
http://secunia.com/advisories/39117
http://secunia.com/advisories/39136
http://secunia.com/advisories/39204
http://secunia.com/advisories/39240
http:

CWE-399: Resource Management Errors
CWE-416: Use After Free

CVE-2010-1125 – firefox: keystrokes sent to hidden frame rather than visible frame due to javascript flaw
https://notcve.org/view.php?id=CVE-2010-1125
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
http://secunia.com/advisories/40326
http://secunia.com/advisories/40401
http://secunia.com/advisories/40481
http://support.avaya.com/css/P8/documents/100091069
http://ubuntu.com/usn/usn-930-1
http://www.mandriva.com/security/advisories?name=MDVSA-2010:125
ht

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2010-0169 – firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)
https://notcve.org/view.php?id=CVE-2010-0169
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.

http://www.mozilla.org/security/announce/2010/mfsa2010-14.html
http://www.securityfocus.com/bid/38918
http://www.vupen.com/english/advisories/2010/0692
https://bugzilla.mozilla.org/show_bug.cgi?id=535806
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8431
https://access.redhat.com/security/cve/CVE-2010-0169
https://bugzilla.redhat.com/show_bug.cgi?id=576694