CVSS: 6.8EPSS: 1%CPEs: 32EXPL: 1CVE-2004-0191
https://notcve.org/view.php?id=CVE-2004-0191
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. Mozilla 1.4.2 ejecuta eventos de Javascript en el contexto de una nueva página mientras se está cargando, permitiéndolo interactuar con la página anterior ("documento zombi") y posibilitando ataques de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado usando eventos onmousemove. • http://bugzilla.mozilla.org/show_bug.cgi?id=227417 http://marc.info/?l=bugtraq&m=107774710729469&w=2 http://marc.info/?l=bugtraq&m=108448379429944&w=2 http://www.osvdb.org/4062 http://www.redhat.com/support/errata/RHSA-2004-110.html http://www.redhat.com/support/errata/RHSA-2004-112.html http://www.securityfocus.com/bid/9747 https://exchange.xforce.ibmcloud.com/vulnerabilities/15322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0CVE-2003-0791
https://notcve.org/view.php?id=CVE-2003-0791
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. • http://secunia.com/advisories/11103 http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 http://www.osvdb.org/8390 http://www.securityfocus.com/advisories/6979 http://www.securityfocus.com/bid/9322 https://bugzilla.mozilla.org/show_bug.cgi?id=221526 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2003-0298
https://notcve.org/view.php?id=CVE-2003-0298
The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Mozilla 1.3 y 1.4a permite que servidores IMAP remotos dañinos originen una denegación de servicio (y posiblemente ejecuten código arbitrario) mediante ciertos tamaños muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0CVE-2003-0300
https://notcve.org/view.php?id=CVE-2003-0300
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •