CVSS: 9.8EPSS: 31%CPEs: 37EXPL: 0CVE-2008-2803 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2803
07 Jul 2008 — The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. La función mozIJSSubScriptLoader.LoadScript en Mozilla Firefox anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anter... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 79%CPEs: 37EXPL: 0CVE-2008-2802 – Firefox arbitrary JavaScript code execution
https://notcve.org/view.php?id=CVE-2008-2802
07 Jul 2008 — Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." Mozilla Firefox y versiones anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey y anteriores a 1.1.10 permiten a los atacantes remotos ejecutar código arbitrario a través de un documento XUL que incluye una secuenc... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 3%CPEs: 36EXPL: 0CVE-2008-2806
https://notcve.org/view.php?id=CVE-2008-2806
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. Mozilla Firefox anterior a v2.0.0.15 y SeaMonkey anterior a v1.1.10 sobre Mac OS X, permite a atacantes remotos evitar la misma política de origen y crear conexiones con socket de su elección a través de un applet Java manipulado, relacionado con el Ja... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 91%CPEs: 37EXPL: 0CVE-2008-2799 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2799
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en versiones de Mozilla Firefox anteriores a la 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a la 1.1.10, que permiten a los atacantes remotos causa... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 91%CPEs: 37EXPL: 0CVE-2008-2798 – Firefox malformed web content flaws
https://notcve.org/view.php?id=CVE-2008-2798
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. Múltiples vulnerabilidades en Mozilla Firefox anterior a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores y SeaMonkey anterior 1.1.10, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y p... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 64EXPL: 0CVE-2008-2808 – Firefox file location escaping flaw
https://notcve.org/view.php?id=CVE-2008-2808
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o te... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 59%CPEs: 37EXPL: 0CVE-2008-2811 – Firefox block reflow flaw
https://notcve.org/view.php?id=CVE-2008-2811
07 Jul 2008 — The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. La implemetación del bloque "reflow" en Mozilla Firefox anterior a v2.0.0.15, Thunderbird 2.0.0.14 y anteriores y SeaMonkey anterior a v1.1.10, permite a atacantes remotos ... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 41%CPEs: 75EXPL: 0CVE-2008-2785 – Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2785
19 Jun 2008 — Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. Firefox anterior a versión 2.0.0.16 y versiones 3.x anteriores a 3.0.1, Thunderbir... • http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 15%CPEs: 49EXPL: 0CVE-2008-1380 – Firefox JavaScript garbage collection crash
https://notcve.org/view.php?id=CVE-2008-1380
17 Apr 2008 — The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. El motor JavaScript de Mozilla Firefox versiones anteriores a 2.0.0.14, Thunderbird versiones anteriores a 2.0.0.14, y SeaMonkey versiones anteriores a 1.1.10 permite a atacantes remotos provocar una deneg... • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 83%CPEs: 3EXPL: 0CVE-2008-1233 – Mozilla products XPCNativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-1233
27 Mar 2008 — Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." Vulnerabilidad no especificada en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos ejecutar código de su elección a través de "XPCNativeWrapper pollution." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •