CVSS: 4.3EPSS: 51%CPEs: 3EXPL: 0CVE-2007-5340
https://notcve.org/view.php?id=CVE-2007-5340
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. Múltiples vulnerabilidades en el motor de Javascript del Mozilla Firefox anterior al 2.0.0.8, del Thunderbird anterior al 2.0.0.8, y del SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de HTML modificado que dispara una corrupción de memoria. • http://bugs.gentoo.org/show_bug.cgi?id=196481 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27313 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27326 http://secunia.com/advisories&#x • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 96%CPEs: 3EXPL: 0CVE-2007-5339
https://notcve.org/view.php?id=CVE-2007-5339
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. Múltiples vulnerabilidades en el Mozilla Firefox anterior al 2.0.0.8, en el Thunderbird anterior al 2.0.0.8 y en el SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de un HTML modificado que dispara una corrupción de memoria o errores de aserción. • http://bugs.gentoo.org/show_bug.cgi?id=196481 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27313 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27326 http://secunia.com/advisories&#x • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 6%CPEs: 88EXPL: 0CVE-2007-4879
https://notcve.org/view.php?id=CVE-2007-4879
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. Mozilla Firefox anterior a Firefox versión 2.0.0.13, y SeaMonkey anterior a versión 1.1.9, pueden instalar automáticamente certificados de cliente TLS con una interacción mínima del usuario y enviar automáticamente estos certificados cuando se solicitan, lo que facilita que los sitios web remotos puedan realizar un seguimiento de las actividades de los usuarios en todos los dominios mediante la solicitud de los certificados de cliente TLS de otros dominios. • http://0x90.eu/ff_tls_poc.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/29616 http://secunia.com/advisories/29645 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620 http:/&#x •
CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 0CVE-2007-4841
https://notcve.org/view.php?id=CVE-2007-4841
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. Mozilla Firefox versiones anteriores a 2.0.0.8, Thunderbird versiones anteriores a 2.0.0.8 y SeaMonkey versiones anteriores a 1.1.5, permiten a atacantes remotos ejecutar comandos arbitrarios por medio de un URI (1) mailto, (2) nntp, (3) news o (4) snews con codificación "%" no válida, relacionada con el manejo de un tipo de archivo inapropiado en Windows XP con Internet Explorer versión 7 instalado, una variante de CVE-2007-3845. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27360 http://secunia.com/advisories/27414 http://secunia.com/advisories/27744 http://secunia.com/advisories/28363 http://secunia.com/advisories/28398 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-sec • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 3%CPEs: 26EXPL: 1CVE-2007-3511
https://notcve.org/view.php?id=CVE-2007-3511
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. El manejo del enfoque para el evento onkeydown en Mozilla Firefox versiones 1.5.0.12, 2.0.0.0.4 y otras versiones anteriores a 2.0.0.8, y SeaMonkey versiones anteriores a 1.1.5, permite a atacantes remotos cambiar el enfoque del campo y copiar las pulsaciones de teclas por medio del atributo "for" en una etiqueta, lo que omite la prevención del enfoque, tal y como es demostrado cambiando el enfoque desde un área de texto hacia un campo de carga de archivos. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0658.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://osvdb.org/37994 http://secunia.com/advisories/25904 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27325 http://secunia.com/advisories/27327 http://secunia.com/advisories/27335 http://secunia.com/advisories •