Page 116 of 1300 results (0.018 seconds)

CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 1

13 Nov 2008 — Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18, Y SeaMonkey 1.x antes de 1.1.13 no escapan de manera apropiada los caracteres usados para el procesamiento X... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-91: XML Injection (aka Blind XPath Injection) •

CVSS: 10.0EPSS: 16%CPEs: 9EXPL: 0

13 Nov 2008 — Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. Desbordamiento de entero en xpcom/io/nsEscape.cpp en el motor de navegación en Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18 y SeaMonkey 1.x antes de 1.1.13 permite a atacantes rem... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 1%CPEs: 3EXPL: 0

13 Nov 2008 — The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. La función AppendAttributeValue en el motor de JavaScript en Mozilla Firefox v2.x anterior a v2.0.0.18, Thunderbird v2.x anterior a v2.0.0.18, y SeaMonkey v1.x anterior a v1.1.13 , p... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-399: Resource Management Errors •

CVSS: 9.8EPSS: 2%CPEs: 9EXPL: 0

13 Nov 2008 — The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. El método nsXMLHttpRequest::NotifyEventListeners en Firefox v3.x anterior a v3.0.4, Firefox v2.x anterior a v2.0.0.18, Thunderbird v2.x anterior a v2.0.0.18 y SeaMonkey v1.x anterior a v1.1.13... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 76%CPEs: 42EXPL: 0

13 Nov 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. El motor de diseño en Mozilla Firefox 3.x versiones anteriores a v3.0.4, Thunderbird 2.x versiones anteriores a v2.0.0.18, y SeaMonkey 1.x versiones anteriores a v1.1.13 permite a atacantes remotos provocar una denegación de servicio (caída) a través de... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 27%CPEs: 9EXPL: 0

13 Nov 2008 — jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. jslock.cpp en Mozilla Firefox 3.x antes de 3.0.2, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-20: Improper Input Validation •

CVSS: 8.2EPSS: 2%CPEs: 144EXPL: 0

13 Nov 2008 — Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. Mozilla Firefox 2.x versiones anteriores a v2.0.0.18, Thun... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 75%CPEs: 22EXPL: 0

12 Nov 2008 — nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMo... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 10.0EPSS: 5%CPEs: 72EXPL: 1

27 Sep 2008 — Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." Desbordamiento de búfer basado en montículo en Mozilla Thunderbird antes de v2.0.0.17 y SeaMonkey antes de v1.1.12 permite a atacantes remotos causar denegación de servicio (caída de aplicació... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 2

24 Sep 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla anterior a 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 en Linux permite a atacantes remotos leer archivos de su elección... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •