CVSS: 6.5EPSS: 61%CPEs: 3EXPL: 0CVE-2007-5340
https://notcve.org/view.php?id=CVE-2007-5340
21 Oct 2007 — Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. Múltiples vulnerabilidades en el motor de Javascript del Mozilla Firefox anterior al 2.0.0.8, del Thunderbird anterior al 2.0.0.8, y del SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de HTML modific... • http://bugs.gentoo.org/show_bug.cgi?id=196481 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 2%CPEs: 3EXPL: 0CVE-2007-4841
https://notcve.org/view.php?id=CVE-2007-4841
12 Sep 2007 — Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. Mozilla Firefox versiones anteriores a 2.0.0.8, Thunderbird versiones anteriores a 2.0.0.8 y SeaMonkey versiones anteriores a 1.1.5, permiten a atacantes remotos ejecutar c... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 67%CPEs: 3EXPL: 2CVE-2007-3844 – Mozilla Firefox/Thunderbird/SeaMonkey - Chrome-Loaded About:Blank Script Execution
https://notcve.org/view.php?id=CVE-2007-3844
08 Aug 2007 — Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 y anterior a 1.5.0.1... • https://www.exploit-db.com/exploits/30439 •
CVSS: 9.8EPSS: 95%CPEs: 4EXPL: 1CVE-2007-3845 – Multiple Browsers - URI Handlers Command Injection
https://notcve.org/view.php?id=CVE-2007-3845
08 Aug 2007 — Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." Mozilla Firefox anterior a 2.0.0.6, Thunderbird ante... • https://www.exploit-db.com/exploits/30381 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4038
https://notcve.org/view.php?id=CVE-2007-4038
27 Jul 2007 — Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. Una vulnerabilidad de inyección de argumentos en Mozilla Firefox versiones anteriores a 2.0.0.5, c... • http://larholm.com/2007/07/25/mozilla-protocol-abuse • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 88%CPEs: 10EXPL: 0CVE-2007-3734
https://notcve.org/view.php?id=CVE-2007-3734
18 Jul 2007 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades no especificadas en el motor de navegador Mozilla Firefox versiones anteriores 2.0.0.5 y Thunderbird versiones anteriores a 2.0.0.5 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante vectores no especificados que d... • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt •
CVSS: 9.3EPSS: 66%CPEs: 10EXPL: 0CVE-2007-3735
https://notcve.org/view.php?id=CVE-2007-3735
18 Jul 2007 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades no especificadas en el motor JavaScript de Mozilla Firefox anterior a 2.0.0.5 y Thunderbird anterior a 2.0.0.5 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante vectores no especificados que disparan una corrup... • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt •
CVSS: 9.8EPSS: 95%CPEs: 33EXPL: 0CVE-2007-2868
https://notcve.org/view.php?id=CVE-2007-2868
01 Jun 2007 — Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. Múltiples vulnerabilidades en el motor de JavaScript para el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, el Thunderbird 1.5.x anterior al 1... • http://fedoranews.org/cms/node/2747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 97%CPEs: 45EXPL: 0CVE-2007-2867 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2867
01 Jun 2007 — Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. Múltiples vulnerabilidades en el motor de capas del Mozilla Firefox 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, Thunderbird 1.5.x anterior al 1.5.0.... • http://fedoranews.org/cms/node/2747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 75%CPEs: 42EXPL: 0CVE-2007-1282
https://notcve.org/view.php?id=CVE-2007-1282
06 Mar 2007 — Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. Desbordamiento de entero en Mozilla Thunderbird anterior a 1.5.0.10 y SeaMonkey anterior a 1.0.8 permite a atacantes remotos disparar un desbordamiento de búfer y posiblemente ejecutar código de su elección mediante un mensaje de correo electrónico de tipo te... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc •