CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1234 – universal XSS using event handlers
https://notcve.org/view.php?id=CVE-2008-1234
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos inyectar web script o HTML de su elección a través de gestores de eventos, también conocido como "Universal XSS using event handlers." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 51%CPEs: 105EXPL: 0CVE-2008-1235 – chrome privilege via wrong principal
https://notcve.org/view.php?id=CVE-2008-1235
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." Vulnerabilidad no especificada en Mozilla Firefox en versiones anteriores a 2.0.0.13, Thunderbird en versiones anteriores a 2.0.0.13 y SeaMonkey en versiones anteriores a 1.1.9 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos que provoca que JavaScript se ejecute con el principal equivocado, vulnerabilidad también conocida como "Escalado de privilegios a través de principales incorrectos". • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/2 •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 1CVE-2008-1238 – Referrer spoofing bug
https://notcve.org/view.php?id=CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9, cuando generan las cabeceras HTTP Referer, no listan la URL entera cuando contienen credenciales de autenticación básicas sin un nombre de usuario, lo cual hace más fácil a atacantes remotos evitar los mecanismos de protección de aplicaciones que dependen de la cabecera Referer, como con algunos mecanismos de falsificación de petición en sitios cruzados (CSRF). • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/29607 http://secunia.com/advisories/2 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2008-1241 – XUL popup spoofing
https://notcve.org/view.php?id=CVE-2008-1241
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. Vulnerabilidad GUI overlay Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos falsificar los elementos form y redireccionar entradas de los usuarios a través de una ventana emergente borderless XUL de un tab de fondo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/29607 http://secunia.com/advisories/2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 35%CPEs: 4EXPL: 0CVE-2008-0304 – thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0304
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. Desbordamiento de búfer basado en montículo en Mozilla Thunderbird antes de 2.0.0.12 y SeaMonkey antes de 1.1.8 podrían permitir a atacantes remotos ejecutar código de su elección a través de un tipo MIME "message/external-body" manipulado en un e-mail, relacionado a una reserva de memoria incorrecta durante la previsualización del mensaje. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668 http://secunia.com/advisories/29098 http://secunia.com/advisories/29133 http://secunia.com/advisories/29167 http://secunia.com/advisories/29211 http://secunia.com/advisories/30327 http://secunia.com/advisories/31043 http://secunia.com/advisories/31253 http://secunia.com/advisories/33433 http://securitytracker.com/id?1019504 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •