CVSS: 9.8EPSS: 1%CPEs: 202EXPL: 0CVE-2009-1841 – Firefox JavaScript arbitrary code execution
https://notcve.org/view.php?id=CVE-2009-1841
12 Jun 2009 — js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. js/src/xpconnect/src/xpcwrappedjsclass.cpp en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anterior a v1.1.17 permite a atacantes remotos ejecutar secuencias de comandos web de forma arb... • http://osvdb.org/55159 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 13%CPEs: 202EXPL: 2CVE-2009-1832 – Firefox double frame construction flaw
https://notcve.org/view.php?id=CVE-2009-1832
12 Jun 2009 — Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar co... • http://osvdb.org/55148 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.4EPSS: 1%CPEs: 202EXPL: 2CVE-2009-1836 – Firefox SSL tampering via non-200 responses to proxy CONNECT requests
https://notcve.org/view.php?id=CVE-2009-1836
12 Jun 2009 — Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 utilizan la cabecera HTTP del servidor para determina... • http://osvdb.org/55160 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 93%CPEs: 112EXPL: 11CVE-2009-1392 – Firefox browser engine crashes
https://notcve.org/view.php?id=CVE-2009-1392
12 Jun 2009 — The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNext... • http://osvdb.org/55144 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 5%CPEs: 198EXPL: 0CVE-2009-1303 – Firefox 2 and 3 Layout engine crash
https://notcve.org/view.php?id=CVE-2009-1303
22 Apr 2009 — The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. El navegador del motor en Mozilla Firefox versiones anteriores a v3.0.9, Thunderbird versiones anteriores a v2.0.0.22, y SeaMonkey versiones anteriores a v1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-16: Configuration •
CVSS: 7.1EPSS: 10%CPEs: 77EXPL: 5CVE-2009-1302 – Firefox 3 Layout engine crashes
https://notcve.org/view.php?id=CVE-2009-1302
22 Apr 2009 — The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) P... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 94EXPL: 0CVE-2009-1307 – view-source: protocol
https://notcve.org/view.php?id=CVE-2009-1307
22 Apr 2009 — The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. La implementación view-source: URI en Mozilla Firefox anteriores a v3.0.9, Thun... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 19%CPEs: 77EXPL: 1CVE-2009-1305 – Firefox 2 and 3 JavaScript engine crash
https://notcve.org/view.php?id=CVE-2009-1305
22 Apr 2009 — The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. El motor JavaScript en Mozilla Firefox antes de 3.0.9, Thunderbird antes de 2.0.0.22, y SeaMonkey antes de 1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de la aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 30%CPEs: 77EXPL: 2CVE-2009-1304 – Firefox 3 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1304
22 Apr 2009 — The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. El motor JavaScript en Mozilla Firefox v3.x en anteriores a v3.0.9, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.16 permite a atacantes re... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 5%CPEs: 102EXPL: 1CVE-2009-1308 – Firefox XSS hazard using third-party stylesheets and XBL bindings
https://notcve.org/view.php?id=CVE-2009-1308
22 Apr 2009 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox anteriores a 3.0.9, Thunderbird, y SeaMonkey permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediant... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •