Page 105 of 688 results (0.029 seconds)

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-5510 – Firefox null characters ignored by CSS parser

https://notcve.org/view.php?id=CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. El analizador CSS en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 ignora el carácter de escape nulo '\0', el cual debería permitir a un atacante remoto evitar los mecanismos de protección como las rutinas de limpieza. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33408 http://secunia.com/advisories/33523 http://secunia.com/advisories/34501 http://secunia.com/advisories/35080 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://sunso •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-5508 – Firefox errors parsing URLs with control characters

https://notcve.org/view.php?id=CVE-2008-5508

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. Mozilla Firefox 3.x en versiones anteriores 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 no analizando propiamente URLs con espacios en blanco destacados o caracteres de control, el cual podría permitir a los atacantes remotos deformar URL y simplificar los ataques de fraude (phishing). • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http:/& • CWE-20: Improper Input Validation •

CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-5507 – Firefox Cross-domain data theft via script redirect error message

https://notcve.org/view.php?id=CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Thunderbird 2.x versiones anteriores a v2.0.0.19 y SeaMonkey 1.x versiones anteriores a v1.1.14 permite a atacantes remotos evitar la política origen y acceder a partes de datos de otro dominio a través de URL javascript que redirige a la fuente objetivo, el cual genera un error si los datos objetivo no tienen sintaxis Javascript, a los que se puede acceder utilizando la API window.onerror DOM. • http://scary.beasts.org/security/CESA-2008-011.html http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0

CVE-2008-5500 – Layout engine crashes - Firefox 2 and 3

https://notcve.org/view.php?id=CVE-2008-5500

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. El motor de diseño de Mozilla Firefox 3.x anterior a 3.0.5 y 2.x anterior a 2.0.0.19, Thunderbird 2.x anterior a 2.0.0.19 y SeaMonkey 1.x anterior a 1.1.14, permite a atacantes remotos provocar una denegación de servicio (caída) y probablemente provocar una corrupción de memoria a través de vectores relacionados con (1) un fallo de aserción o (2) un desbordamiento de entero. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0

CVE-2008-5052

https://notcve.org/view.php?id=CVE-2008-5052

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. La función AppendAttributeValue en el motor de JavaScript en Mozilla Firefox v2.x anterior a v2.0.0.18, Thunderbird v2.x anterior a v2.0.0.18, y SeaMonkey v1.x anterior a v1.1.13 , permite a atacantes remotos provocar una denegación de servicio (caída) a través de vectores desconocidos que lanzan una corrupción de memoria, como se ha demostrado con e4x/extensions/regress-410192.js. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 http://www.mozilla.org/security/announce/2008/mfsa2008-52.html http://www.securityfocus.com/bid/32281 http://www.securitytracker.com/id?1021183 http://www.us-cert.gov/cas/techalerts/TA08-319A.html http://www.vupen.com/english/advisories/2008/3146 https://bugzilla.mozilla.org/show_ • CWE-399: Resource Management Errors •