CVSS: 10.0EPSS: 74%CPEs: 70EXPL: 0CVE-2009-0352 – Firefox layout crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0352
04 Feb 2009 — Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function. Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x antes de 3.0.6, Thunderbird antes de 2.0.0.21, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 71%CPEs: 70EXPL: 0CVE-2009-0353 – Firefox javascript crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0353
04 Feb 2009 — Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine. Vulnerabilidad sin especificar en Mozilla Firefox v3.x anterior a v3.0.6, Thunderbird anterior a v2.0.0.21, y SeaMonkey anterior a v1.1.15 permite a atacantes remotos provocar una denegación de servicio (corrupción d... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 2%CPEs: 10EXPL: 0CVE-2008-5511 – Firefox XSS via XBL bindings to unloaded document
https://notcve.org/view.php?id=CVE-2008-5511
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." Mozilla Firefox 3.x antes de v3.0.5 y 2.x antes de v2.0.0.19, Thunderbird 2.x antes 2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 permite a atacantes remotos evitar la política de mismo origen y llevar a cabo ataques de secuencias de comandos ... • http://secunia.com/advisories/33184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 4%CPEs: 54EXPL: 0CVE-2008-5503 – Firefox 2 Information stealing via loadBindingDocument
https://notcve.org/view.php?id=CVE-2008-5503
17 Dec 2008 — The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. La función loadBindingDocument en Mozilla Firefox 2.x antes de v2.0.0.19, Thunderbird 2.x antes de v2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 no realiza ninguna comprobación de seguridad relacionada con l... • http://secunia.com/advisories/33184 •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5506 – Firefox XMLHttpRequest 302 response disclosure
https://notcve.org/view.php?id=CVE-2008-5506
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Thunderbird 2.x versiones an... • http://secunia.com/advisories/33184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-5507 – Firefox Cross-domain data theft via script redirect error message
https://notcve.org/view.php?id=CVE-2008-5507
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Th... • http://scary.beasts.org/security/CESA-2008-011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5508 – Firefox errors parsing URLs with control characters
https://notcve.org/view.php?id=CVE-2008-5508
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. Mozilla Firefox 3.x en versiones anteriores 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 no analizando propiamente URLs con es... • http://secunia.com/advisories/33184 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 2%CPEs: 9EXPL: 0CVE-2008-5510 – Firefox null characters ignored by CSS parser
https://notcve.org/view.php?id=CVE-2008-5510
17 Dec 2008 — The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. El analizador CSS en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 ignora el carácter... • http://secunia.com/advisories/33184 •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5512 – Firefox JavaScript privilege escalation
https://notcve.org/view.php?id=CVE-2008-5512
17 Dec 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores anteriores a 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.... • http://secunia.com/advisories/33184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2008-5500 – Layout engine crashes - Firefox 2 and 3
https://notcve.org/view.php?id=CVE-2008-5500
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. El motor de diseño de Mozilla Firefox 3.x anterior a 3.0.5 y 2.x anterior a 2.0.0.19, Thunderbird 2.x anterior a 2.0.0.19 y SeaMonkey 1.x anterior a 1.1.14, permite a atacantes remotos provoc... • http://secunia.com/advisories/33184 • CWE-399: Resource Management Errors •