Page 102 of 691 results (0.026 seconds)

CVSS: 9.3EPSS: 16%CPEs: 88EXPL: 0

CVE-2009-0772 – Firefox 2 and 3 - Layout engine crashes

https://notcve.org/view.php?id=CVE-2009-0772

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. El motor en Mozilla Firefox 2 y 3 anteriores v3.0.7, Thunderbird anteriores a v2.0.0.21, y SeaMonkey v1.1.15 permite a los atacantes remotos causar una denegación de servicios (caída) y posiblemente ejecutar arbitrariamente código a través de vectores relativos a nsCSSStyleSheet::GetOwnerNode, eventos, y recolección de basura, lo que lanza una corrupción de memoria • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34387 http://secunia.com/advisories/34417 http://secunia.com/advisories/34462 http://sec • CWE-399: Resource Management Errors •

CVSS: 5.8EPSS: 0%CPEs: 88EXPL: 0

CVE-2009-0777 – Firefox URL spoofing with invisible control characters

https://notcve.org/view.php?id=CVE-2009-0777

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. Mozilla Firefox en versiones anteriores a 3.0.7, Thunderbird en versiones anteriores 2.0.0.21 y SeaMonkey en versiones anteriores a 1.1.15, decodifican caracteres invisibles cuando son desplegados en la barra de ubicación, lo que causa que se muestre una dirección incorrecta y hace más fácil para los atacantes remotos falsificar URL y realizar ataques de phishing. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://securitytracker.com/alerts/2009/Mar/1021799.html http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document http://www.mandriva.com/security/advisories?name=MDVSA-2009 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 94%CPEs: 88EXPL: 2

CVE-2009-0773 – Firefox 3 crashes in the JavaScript engine

https://notcve.org/view.php?id=CVE-2009-0773

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. El motor JavaScript de Mozilla Firefox anterior a v3.0.7, Thunderbird anterior a v2.0.0.21 y SeaMonkey v1.1.15, permite a atacantes remotos provocar una denegación de servicio (caída) y puede que ejecutar código de su elección a través de (1) una unión de un array que contiene "algunos elementos non-set" que hace que jsarray.cpp pase un argumento incorrecto a la función ResizeSlots lo que lanza una corrupción de memoria; (2) vectores relacionado con js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__ y watch -ver- que lanzan un fallo de aserción o un fallo de segmentación y (3) vectores relacionados con gczeal, __defineSetter__ y watch -ver- que inducen a un cuelgue. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34383 http://secunia.com/advisories/34462 http://secunia.com/advisories/34464 http://secunia.com/advisories/34527 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&am • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 0%CPEs: 88EXPL: 0

CVE-2009-0776 – Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

https://notcve.org/view.php?id=CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. nsIRDFService de Mozilla Firefox anterior a v3.0.7, Thunderbird anterior a v2.0.0.21 y SeaMonkey anterior a v1.1.15; permite a atacantes remotos evitar la política de same-origin -mismo origen- y leer datos XML desde otro dominio a través de una redirección de dominio cruzado. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34387 http://secunia.com/advisories/34417 http://secunia.com/advisories/34462 http://sec • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 76%CPEs: 88EXPL: 0

CVE-2009-0771 – Firefox 3 Layout Engine Crashes

https://notcve.org/view.php?id=CVE-2009-0771

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. El motor de diseño en Mozilla Firefox anterior a v3.0.7, Thunderbird anterior a v2.0.0.21, y SeaMonkey v1.1.15, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente la ejecución de código de su elección a través de vectores que provocan una corrupción de memoria y un fallo de aserción. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34383 http://secunia.com/advisories/34462 http://secunia.com/advisories/34464 http://secunia.com/advisories/34527 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&am • CWE-399: Resource Management Errors •