CVSS: 10.0EPSS: 42%CPEs: 238EXPL: 0CVE-2011-0053 – Mozilla miscellaneous memory safety hazards (MFSA 2011-01)
https://notcve.org/view.php?id=CVE-2011-0053
02 Mar 2011 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox antes de v3.5.17 y v3.6.x antes de v3.6.14, Thunderbird antes de v3.1.8 y SeaMonkey antes de v2.0.12 p... • http://downloads.avaya.com/css/P8/documents/100133195 •
CVSS: 9.3EPSS: 8%CPEs: 149EXPL: 0CVE-2011-0061 – Mozilla crash caused by corrupted JPEG image (MFSA 2011-09)
https://notcve.org/view.php?id=CVE-2011-0061
02 Mar 2011 — Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. Desbordamiento de buffer en Mozilla Firefox 3.6.x anteriores a la versión 3.6.14, Thunderbird en versiones anteriores a la 3.1.8 y SeaMonkey anteriores a 2.0.12. Pueden permitir a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (caída de... • http://downloads.avaya.com/css/P8/documents/100133195 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 18%CPEs: 233EXPL: 0CVE-2010-3768 – Mozilla add support for OTS font sanitizer (MFSA 2010-78)
https://notcve.org/view.php?id=CVE-2010-3768
10 Dec 2010 — Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13, Thunderbird en versiones anteriores a la 3.0.11 y 3... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 15%CPEs: 258EXPL: 0CVE-2010-3769
https://notcve.org/view.php?id=CVE-2010-3769
10 Dec 2010 — The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. La implementación de line-breaking en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13, Thunderbird en versiones anteriore... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 47%CPEs: 149EXPL: 0CVE-2010-3778
https://notcve.org/view.php?id=CVE-2010-3778
10 Dec 2010 — Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Mozilla Firefox 3.5.x en versiones anteriores a la 3.5.16, Thunderbird en versiones anteriores a la 3.0.11 y SeaMonkey en versiones anteriores a la 2.0.11, permite a atacantes remotos provocar una denegació... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 7%CPEs: 233EXPL: 0CVE-2010-3776 – Mozilla miscellaneous memory safety hazards (MFSA 2010-74)
https://notcve.org/view.php?id=CVE-2010-3776
10 Dec 2010 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor de búsqueda en Mozilla Firefox en versiones anteriores a la 3.5.16 y 3.6.x en versiones anteriores a la 3.6.13,... • http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052022.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 221EXPL: 0CVE-2010-3173 – NSS: insecure Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2010-3173
21 Oct 2010 — The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. La implementación de SSL en Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y Se... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •
CVSS: 8.4EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3182 – Mozilla unsafe library loading flaw
https://notcve.org/view.php?id=CVE-2010-3182
21 Oct 2010 — A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. Una secuencia de comandos de ciertas aplicaciones que ejecutan Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y 3.... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox •
CVSS: 9.3EPSS: 7%CPEs: 135EXPL: 0CVE-2010-3174
https://notcve.org/view.php?id=CVE-2010-3174
21 Oct 2010 — Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Vulnerabilidad sin especificar en el motor del navegador Mozilla Firefox v3.5.x anterior a v3.5.14, Thunderbird anterior a v3.0.9 y SeaMonkey anterior a v2.0.9 permiten a atacantes remotos provocar una denegación de serv... • http://www.debian.org/security/2010/dsa-2124 •
CVSS: 5.9EPSS: 0%CPEs: 221EXPL: 0CVE-2010-3170 – firefox/nss: doesn't handle IP-based wildcards in X509 certificates safely
https://notcve.org/view.php?id=CVE-2010-3170
21 Oct 2010 — Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Mozilla Firefox anterior a v3.5.14 y v3.6.x anterior a v3.6.11, Thunderbird anterior a v3.0.9 y v3.1.x anterior a v3.1.5, y SeaMonkey ante... • http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_firefox • CWE-310: Cryptographic Issues •