Page 104 of 688 results (0.015 seconds)

CVSS: 2.6EPSS: 4%CPEs: 54EXPL: 0

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. La función loadBindingDocument en Mozilla Firefox 2.x antes de v2.0.0.19, Thunderbird 2.x antes de v2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 no realiza ninguna comprobación de seguridad relacionada con la política de mismo dominio, que permite a atacantes remotos leer o acceder a datos de otros dominios mediante vínculos XBL manipulados. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33189 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com/advisories/33523 http://secunia.com/advisories/33547 http:/& •

CVSS: 5.0EPSS: 5%CPEs: 5EXPL: 0

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. El motor de diseño en Mozilla Firefox 3.x en versiones anteriores 3.0.5, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 que permite a los atacantes remotos causar una denegación de servicios a través de vectores que lanzar un fallo de evaluación. • http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33216 http://secunia.com/advisories/33421 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 http://www.mozilla.org/security/announce/2008/mfsa2008-60.html http://www.redhat.com/support/errata/RHSA-2008-1036.html http://ww •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Thunderbird 2.x versiones anteriores a v2.0.0.19, y SeaMonkey 1.x versiones anteriores a v1.1.14 permite a atacantes remotos evitar la misma política de origen provocando que el navegador cause una XMLHttpRequest de un recurso controlado por el atacante que utiliza una redirección 302 a la fuente en un dominio distinto, a continuación leyendo el contenido de la respuesta, también conocido como "revelación de respuesta". • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores anteriores a 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 permite a los atacantes remotos ejecutar arbitrariamente JavaScript con privilegios chrome a través de vectores desconocido en la cual "el contenido de la página puede contaminar XPCNativeWrappers." • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. Vulnerabilidad no especificada en la característica session-restore en Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19 permite a atacantes remotos evitar la misma política de origen, inyectar contenido dentro de documentos asociados con otros dominios, y llevar a cabo un ataque de secuencias de comandos en sitios cruzados (XSS) a través de vectores desconocidos relacionados con la restauración de datos SessionStore. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33421 http://secunia.com/advisories/33523 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.debian.org/security/2009/dsa-1707 http://www.mandriva.com/security/advisor • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •