CVE-2009-1571 – Mozilla incorrectly frees used memory (MFSA 2010-03)
https://notcve.org/view.php?id=CVE-2009-1571
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. Vulnerabilidad de uso después de la liberación en el parser HTML en Mozilla Firefox v3.0.x anteriores a v3.0.18 y v3.5.x anterior a v3.5.8, Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a v2.0.3, permite a atacantes remotos ejecutar código de su elección a través de métodos no especificados referidos al intento de acceder a objetos liberados en situaciones de baja memoria. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2009-3988 – Mozilla Firefox showModalDialog Cross-Domain Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2009-3988
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. Mozilla Firefox v3.0.x anterior a la v3.0.18 y v3.5.x anterior a la v3.5.8, y SeaMonkey anterior a la v2.0.3, no restringen de forma adecuada el acceso a las propiedades del objeto en showModalDialog, lo que permite a atacantes remotos saltarse la Same Origin Policy y conducir un ataque de ejecución de secuencias de comandos en sitios cruzados a través de valores manipulados dialogArguments. This vulnerability allows remote attackers to bypass specific script execution enforcements on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the lack of cross domain policy enforcement. Through usage of the showModalDialog() JavaScript method an attacker can gather sensitive information from another website. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38847 http://www.debian.org/security/2010/dsa-1999 http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0159 – Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
https://notcve.org/view.php?id=CVE-2010-0159
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. El motor de navegación en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, Thunderbird anterior a la v3.0.2, y SeaMonkey anterior a la v2.0.3 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección a través de vectores relativos a la función nsBlockFrame::StealFrame en layout/generic/nsBlockFrame.cpp, ay otros vectores no específicos. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036097.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036132.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242& •
CVE-2010-0162 – Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)
https://notcve.org/view.php?id=CVE-2010-0162
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. Mozilla Firefox v3.0.x anteriores v3.0.18 y v3.5.x anteriores v3.5.8, y SeaMonkey before v2.0.3, no soporta de forma adecuada el tipo de contenido application/octet-stream como mecanismo de protección contra la ejecución de ficheros de comandos web en ciertas circunstancias implicando elementos SVG y EMBED, lo que permite a atacantes remotos evitar la Same Origin Policy, y conducir ataques ejecución de secuencias de comandos en sitios cruzados (XSS) a través de documentos SVG embebidos. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38847 http://www.debian.org/security/2010/dsa-1999 http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-0160 – Mozilla Firefox Web Worker Array Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0160
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. La funcionalidad Web Worker en Mozilla Firefox v3.0.x anterior a la v3.0.18 y 3.5.x anterior a la v3.5.8, y SeaMonkey anteriores a la v2.0.3, no manejan de forma adecuada los tipos de datos array para mensajes posteado, lo que permite que atacantes remotos provoquen una denegación de servicio (corrupción de memoria dinámica y caída de la aplicación) o posiblemente ejecución de código de su elección a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the implementation of web worker threads. Due to mishandling the array data type while processing posted messages, a web worker thread can be made to corrupt heap memory. • http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035346.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035367.html http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035426.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html http://secunia.com/advisories/37242 http://secunia.com/advisories/38847 http://www.debian.org/security/2010/dsa-1999 http://www.mandriva.com/security/advisories?name=MDVSA-2010:042 • CWE-399: Resource Management Errors •