Lucene search
+L

2142 matches found

Zero Day Initiative
Zero Day Initiative
added 2010/09/13 12:0 a.m.40 views

Mozilla Firefox normalizeDocument Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the normalizeDocument...

10CVSS9.4AI score0.05366EPSS
Exploits0References1
securityvulns
securityvulns
added 2010/09/10 12:0 a.m.77 views

Mozilla Foundation Security Advisory 2010-57

Mozilla Foundation Security Advisory 2010-57 Title: Crash and remote code execution in normalizeDocument Impact: Critical Announced: September 7, 2010 Reporter: regenrecht Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.9 Firefox 3.5.12 Thunderbird 3.1.3 Thunderbird 3.0.7 SeaMonke...

9.3CVSS0.3AI score0.05366EPSS
Exploits0
NVD
NVD
added 2010/09/09 7:0 p.m.20 views

CVE-2010-2766

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...

9.3CVSS8.8AI score0.05366EPSS
Exploits0References14
Prion
Prion
added 2010/09/09 7:0 p.m.20 views

Code injection

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...

9.3CVSS8AI score0.05366EPSS
Exploits0References14Affected Software3
Cvelist
Cvelist
added 2010/09/09 6:0 p.m.27 views

CVE-2010-2766

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...

8.9AI score0.05366EPSS
Exploits0References14
CVE
CVE
added 2010/09/09 6:0 p.m.139 views

CVE-2010-2766

CVE-2010-2766 is a memory/DOM handling flaw in Mozilla’s browser engines where the normalization code could remove DOM nodes during traversal, leading to an access of a deleted object and potential code execution. Affected products and versions per the provided documents: Mozilla Firefox before 3...

9.3CVSS8.8AI score0.05366EPSS
Exploits0References14Affected Software1
UbuntuCve
UbuntuCve
added 2010/09/07 12:0 a.m.51 views

CVE-2010-2766

The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...

9.3CVSS7.3AI score0.05366EPSS
Exploits0References3
Mozilla
Mozilla
added 2010/09/07 12:0 a.m.44 views

Crash and remote code execution in normalizeDocument — Mozilla

Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that code used to normalize a document contained a logical flaw that could be leveraged to run arbitrary code. When the normalization code ran, a static count of the document's child nodes was used in the traversal, so...

9.3CVSS2AI score0.05366EPSS
Exploits0References2Affected Software3
Prion
Prion
added 2010/07/30 8:30 p.m.26 views

Design/Logic Flaw

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...

9.3CVSS7.9AI score0.05384EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2010/07/30 8:0 p.m.34 views

CVE-2010-1209

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...

9.3AI score0.05384EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2010/07/21 1:0 a.m.6 views

Mozilla Use-after-free error in NodeIterator

Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and ...

9.3CVSS7.8AI score0.05384EPSS
Exploits0References4
Zero Day Initiative
Zero Day Initiative
added 2010/07/20 12:0 a.m.40 views

Mozilla Firefox DOM Attribute Cloning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a workaround tha...

10CVSS4.9AI score0.05153EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2010/06/22 10:29 p.m.10 views

firefox: arbitrary code execution via memory corruption

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

10CVSS7.7AI score0.05773EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2010/06/22 9:57 p.m.6 views

firefox: arbitrary code execution via memory corruption

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

10CVSS7.7AI score0.05773EPSS
Exploits1References4
Drupal
Drupal
added 2010/05/19 12:0 a.m.15 views

SA-CONTRIB-2010-058: Chaos tool suite - Multiple vulnerabilities

The Chaos tool suite ctools is primarily a set of APIs and tools to improve the developer experience. This module was found to have multiple vulnerabilities. Cross site scripting XSS The module did not properly sanitize node titles under certain circumstances, resulting in multiple cross-site...

7.2AI score
Exploits0References8
ThreatPost
ThreatPost
added 2010/04/02 2:24 p.m.7 views

Mozilla Plugs Firefox Pwn2Own Security Hole

Mozilla is the first browser vendor to fix a vulnerability exploited at this year’s CanSecWest Pwn2Own contest. Just one week after a U.K.-based hacker known as “Nils” broke into a 64-bit Windows 7 machine with a Firefox vulnerability, the open-source group shipped Firefox 3.6.3 to plug the...

7.7AI score
Exploits0References2
Mozilla
Mozilla
added 2010/04/01 12:0 a.m.50 views

Re-use of freed object due to scope confusion — Mozilla

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint's Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its ol...

10CVSS0.5AI score0.05773EPSS
Exploits1References2Affected Software3
Cvelist
Cvelist
added 2010/03/25 8:31 p.m.35 views

CVE-2010-1121

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

9.5AI score0.05773EPSS
Exploits1References24
UbuntuCve
UbuntuCve
added 2010/03/25 12:0 a.m.32 views

CVE-2010-1121

Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collectio...

10CVSS7.5AI score0.05773EPSS
Exploits1References6
securityvulns
securityvulns
added 2009/11/26 12:0 a.m.55 views

CORE-2009-0910: Autodesk Maya Script Nodes Arbitrary Command Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Autodesk Maya Script Nodes Arbitrary Command Execution 1. Advisory Information Title: Autodesk Maya Script Nodes Arbitrary Command Execution Advisory Id: CORE-2009-09...

9.3CVSS0.04423EPSS
Exploits6
Rows per page
Query Builder