CVSS: 9.3EPSS: 41%CPEs: 75EXPL: 0CVE-2008-2785 – Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2785
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. Firefox anterior a versión 2.0.0.16 y versiones 3.x anteriores a 3.0.1, Thunderbird anterior a versión 2.0.0.16, y SeaMonkey anterior a versión 1.1.11, de Mozilla, utilizan un tipo de datos enteros incorrecto como contador de referencia de objeto CSS en la estructura de datos cssValue (también se conoce como nsCSSValue:Array), que permite a los atacantes remotos ejecutar código arbitrario por medio de un gran número de referencias a un objeto CSS común, conllevando a un desbordamiento de contador y una liberación de memoria en uso, también se conoce como ZDI-CAN-349. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling reference counters to the nsCSSValue:Array class. Creating more then 65,535 references will overflow a 16-bit reference counter and therefore result in an erroneous free() while the object still exists. • http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation http://dvlabs.tippingpoint.com/blog/2008/06/18/vulnerability-in-mozilla-firefox-30 http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30761 http://secunia.com/advisories/31121 http://secunia.com/advisories/31122 http://secunia.com/advisories/31129 http://secunia.com/advisories/31144 http://secunia.com/advisories/31145 http://secunia.com/advisories/31154 http://secuni • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 51%CPEs: 105EXPL: 0CVE-2008-1235 – chrome privilege via wrong principal
https://notcve.org/view.php?id=CVE-2008-1235
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." Vulnerabilidad no especificada en Mozilla Firefox en versiones anteriores a 2.0.0.13, Thunderbird en versiones anteriores a 2.0.0.13 y SeaMonkey en versiones anteriores a 1.1.9 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos que provoca que JavaScript se ejecute con el principal equivocado, vulnerabilidad también conocida como "Escalado de privilegios a través de principales incorrectos". • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/2 •
CVSS: 9.3EPSS: 22%CPEs: 80EXPL: 0CVE-2008-0420 – Mozilla information disclosure flaw
https://notcve.org/view.php?id=CVE-2008-0420
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. El archivo modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp en Mozilla Firefox versiones anteriores a 2.0.0.12, Thunderbird versiones anteriores a 2.0.0.12, y SeaMonkey versiones anteriores a 1.1.8, no realiza apropiadamente ciertos cálculos relacionados con la tabla mColors, lo que permite a los atacantes remotos leer partes de memoria no inicializadas por medio de un archivo de mapa de bits de 8 bits (BMP) diseñado que desencadena una lectura fuera de límites dentro de la pila, como es demostrado mediante el uso de un elemento CANVAS; o al causar una denegación de servicio (bloqueo de la aplicación) por medio de un archivo de mapa de bits de 8 bits diseñado que desencadena una lectura fuera de límites. NOTA: los reportes públicos iniciales indicaron que esto afectó a Firefox en Ubuntu versiones 6.06 hasta 7.10. • http://browser.netscape.com/releasenotes http://secunia.com/advisories/28758 http://secunia.com/advisories/28839 http://secunia.com/advisories/29049 http://secunia.com/advisories/29098 http://secunia.com/advisories/29167 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620 http://securitytracker.com/id?1019434 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml http://www.mandriva. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 95%CPEs: 66EXPL: 0CVE-2007-5959 – Multiple flaws in Firefox
https://notcve.org/view.php?id=CVE-2007-5959
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. Múltiples vulnerabilidades no especificadas en Mozilla Firefox versiones anteriores a 2.0.0.10 y SeaMonkey versiones anteriores a 1.1.7 permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante vectores desconocidos que disparan corrupción de memoria. • http://browser.netscape.com/releasenotes http://bugs.gentoo.org/show_bug.cgi?id=198965 http://bugs.gentoo.org/show_bug.cgi?id=200909 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html http://secunia.com/advisories/27725 http://secunia.com/advisories/27793 http://secunia.com/advisories/27796 http://secunia.com/advisories/27797 http://secunia.com/advisories/27800 http://secunia. •
CVSS: 4.3EPSS: 8%CPEs: 52EXPL: 0CVE-2007-5960 – Mozilla Cross-site Request Forgery flaw
https://notcve.org/view.php?id=CVE-2007-5960
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. Mozilla Firefox versiones anteriores a 2.0.0.10 y SeaMonkey versiones anteriores a 1.1.7, establece el encabezado Referer en la ventana o trama en la que se ejecuta el script, en lugar de la dirección del contenido que inició el script, lo que permite a atacantes remotos suplantar encabezados Referer HTTP y omitir Esquemas de protección CSRF basados ??en Referer mediante la configuración de window.location y utilizando un cuadro de diálogo de alerta modal que causa que el Referer incorrecto se envíe. • http://browser.netscape.com/releasenotes http://bugs.gentoo.org/show_bug.cgi?id=198965 http://bugs.gentoo.org/show_bug.cgi?id=200909 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00004.html http://secunia.com/advisories/27725 http://secunia.com/advisories/27793 http://secunia.com/advisories/27796 http://secunia.com/advisories/27797 http://secunia.com/advisories/27800 http://secunia. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-352: Cross-Site Request Forgery (CSRF) •