CVE-2008-1238 – Referrer spoofing bug
https://notcve.org/view.php?id=CVE-2008-1238
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9, cuando generan las cabeceras HTTP Referer, no listan la URL entera cuando contienen credenciales de autenticación básicas sin un nombre de usuario, lo cual hace más fácil a atacantes remotos evitar los mecanismos de protección de aplicaciones que dependen de la cabecera Referer, como con algunos mecanismos de falsificación de petición en sitios cruzados (CSRF). • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/29607 http://secunia.com/advisories/2 • CWE-287: Improper Authentication •
CVE-2008-1241 – XUL popup spoofing
https://notcve.org/view.php?id=CVE-2008-1241
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. Vulnerabilidad GUI overlay Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos falsificar los elementos form y redireccionar entradas de los usuarios a través de una ventana emergente borderless XUL de un tab de fondo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/29607 http://secunia.com/advisories/2 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2008-0304 – thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0304
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. Desbordamiento de búfer basado en montículo en Mozilla Thunderbird antes de 2.0.0.12 y SeaMonkey antes de 1.1.8 podrían permitir a atacantes remotos ejecutar código de su elección a través de un tipo MIME "message/external-body" manipulado en un e-mail, relacionado a una reserva de memoria incorrecta durante la previsualización del mensaje. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668 http://secunia.com/advisories/29098 http://secunia.com/advisories/29133 http://secunia.com/advisories/29167 http://secunia.com/advisories/29211 http://secunia.com/advisories/30327 http://secunia.com/advisories/31043 http://secunia.com/advisories/31253 http://secunia.com/advisories/33433 http://securitytracker.com/id?1019504 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0593 – Mozilla URL token stealing flaw
https://notcve.org/view.php?id=CVE-2008-0593
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. Los navegadores basados en Gecko, incluyendo Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, modifican la propiedad .href de los nodos DOM de la hoja de estilo al URI final de un redireccionamiento 302, que podría permitir a los atacantes remotos omitir la Política del Mismo Origen y leer información confidencial de la dirección URL original, como con los sistemas de Single-Signon. • http://browser.netscape.com/releasenotes http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://secunia.com/advisories/28754 http://secunia.com/advisories/28758 http://secunia.com/advisories/28766 http://secunia.com/advisories/28815 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28877 http://secunia.com/advisories/28879 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-0412 – Mozilla layout engine crashes
https://notcve.org/view.php?id=CVE-2008-0412
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors. El motor de búsqueda en Mozilla Firefox versiones anteriores a la 2.0.0.12, Thunderbird versiones anteriores a la 2.0.0.12 y SeaMonkey versiones anteriores a la 1.1.8 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente disparar una corrupción de memoria a través de vectores relacionados con los métodos (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame y (6) nsLineLayout::TrimTrailingWhiteSpaceIn y con otros vectores. • http://browser.netscape.com/releasenotes http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://secunia.com/advisories/28754 http://secunia.com/advisories/28758 http://secunia.com/advisories/28766 http://secunia.com/advisories/28808 http://secunia.com/advisories/28815 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28877 http:/& • CWE-399: Resource Management Errors •