CVSS: 9.3EPSS: 6%CPEs: 49EXPL: 0CVE-2008-1380 – Firefox JavaScript garbage collection crash
https://notcve.org/view.php?id=CVE-2008-1380
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. El motor JavaScript de Mozilla Firefox versiones anteriores a 2.0.0.14, Thunderbird versiones anteriores a 2.0.0.14, y SeaMonkey versiones anteriores a 1.1.10 permite a atacantes remotos provocar una denegación de servicio (caída del colector de basura) y posiblemente tener otros impactos mediante un página web manipulada. NOTA: esto es debido a un parche incorrecto para el CVE-2008-1237. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29787 http://secunia.com/advisories/29793 http://secunia.com/advisories/29828 http://secunia.com/advisories/29860 http://secunia.com/advisories/29883 http://secunia.com/advisories/29908 http://secunia.com/advisories/29911 http://secunia.com/advisories/29912 http://secunia.com/advisories/29947 http://secunia.com/advisories/30012 http://secunia.com/advisories/30029 http:// • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 45%CPEs: 3EXPL: 0CVE-2008-1237 – javascript crashes
https://notcve.org/view.php?id=CVE-2008-1237
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de vectores desconocidos en relación al motor JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 45%CPEs: 3EXPL: 0CVE-2008-1233 – Mozilla products XPCNativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-1233
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." Vulnerabilidad no especificada en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos ejecutar código de su elección a través de "XPCNativeWrapper pollution." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 45%CPEs: 3EXPL: 0CVE-2008-1236 – browser engine crashes
https://notcve.org/view.php?id=CVE-2008-1236
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. Múltiples vulnerabilidades no especificadas en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de vectores desconocidos en relación al motor de diseño. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/2 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 2%CPEs: 2EXPL: 0CVE-2008-1240
https://notcve.org/view.php?id=CVE-2008-1240
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195. LiveConnect de Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9 no analiza sintácticamente de forma correcta el contenido original de URIs jar antes de enviarlas a la extensión de Java, lo cual permite a atacantes remotos acceder a puertos de su elección en la máquina local. NOTA: esto está relacionado con CVE-2008-1195 • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/29616 http://secunia.com/advisories/29645 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620 http://sunsolve.sun.com/search/document.do?asset •