CVSS: 9.8EPSS: 41%CPEs: 75EXPL: 0CVE-2008-2785 – Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2785
19 Jun 2008 — Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. Firefox anterior a versión 2.0.0.16 y versiones 3.x anteriores a 3.0.1, Thunderbir... • http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 15%CPEs: 49EXPL: 0CVE-2008-1380 – Firefox JavaScript garbage collection crash
https://notcve.org/view.php?id=CVE-2008-1380
17 Apr 2008 — The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. El motor JavaScript de Mozilla Firefox versiones anteriores a 2.0.0.14, Thunderbird versiones anteriores a 2.0.0.14, y SeaMonkey versiones anteriores a 1.1.10 permite a atacantes remotos provocar una deneg... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 83%CPEs: 3EXPL: 0CVE-2008-1233 – Mozilla products XPCNativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-1233
27 Mar 2008 — Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." Vulnerabilidad no especificada en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos ejecutar código de su elección a través de "XPCNativeWrapper pollution." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 3%CPEs: 3EXPL: 0CVE-2008-1234 – universal XSS using event handlers
https://notcve.org/view.php?id=CVE-2008-1234
27 Mar 2008 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos inyectar web script o ... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 80%CPEs: 105EXPL: 0CVE-2008-1235 – chrome privilege via wrong principal
https://notcve.org/view.php?id=CVE-2008-1235
27 Mar 2008 — Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." Vulnerabilidad no especificada en Mozilla Firefox en versiones anteriores a 2.0.0.13, Thunderbird en versiones anteriores a 2.0.0.13 y SeaMonkey en versiones anteriores a 1.1.9 permite a atacantes remotos ejecuta... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html •
CVSS: 9.8EPSS: 60%CPEs: 3EXPL: 0CVE-2008-1236 – browser engine crashes
https://notcve.org/view.php?id=CVE-2008-1236
27 Mar 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. Múltiples vulnerabilidades no especificadas en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos provocar una denegación de ... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 60%CPEs: 3EXPL: 0CVE-2008-1237 – javascript crashes
https://notcve.org/view.php?id=CVE-2008-1237
27 Mar 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos provocar una denegación... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 61%CPEs: 4EXPL: 0CVE-2008-0304 – thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0304
29 Feb 2008 — Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. Desbordamiento de búfer basado en montículo en Mozilla Thunderbird antes de 2.0.0.12 y SeaMonkey antes de 1.1.8 podrían permitir a atacantes remotos ejecutar código de su elección a través de un tipo MIME "message/external-body" manipulad... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 11%CPEs: 3EXPL: 0CVE-2008-0416 – Mozilla arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-0416
12 Feb 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. Múltiples vulnerabilidades de XSS en Mozilla Firefox en versiones anteriores a 2.0.0.12, Thunderb... • http://jvn.jp/en/jp/JVN21563357/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 12%CPEs: 80EXPL: 0CVE-2008-0420 – Mozilla information disclosure flaw
https://notcve.org/view.php?id=CVE-2008-0420
12 Feb 2008 — modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers ... • http://browser.netscape.com/releasenotes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •