CVSS: 9.3EPSS: 96%CPEs: 45EXPL: 0CVE-2007-2867 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2867
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. Múltiples vulnerabilidades en el motor de capas del Mozilla Firefox 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, Thunderbird 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con punteros suspendidos, corrupción de montículo, con signo/sin signo, y otras cuestiones. • http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://osvdb.org/35134 http://secunia.com/advisories/24406 http://secunia.com/advisories/24456 http://secunia.com/advisories/25469 http://secunia.com/advisories/25476 http://secunia.com/advisories/25488 http://secunia.com/advisories/25489 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 91%CPEs: 33EXPL: 0CVE-2007-2868
https://notcve.org/view.php?id=CVE-2007-2868
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. Múltiples vulnerabilidades en el motor de JavaScript para el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, el Thunderbird 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, y el SeaMonkey 1.0.9 y 1.1.2 permite a atacantes remotos provocar una denegación de servicio (caída) y, posiblemente, ejecutar código de su elección a través de vectores que disparan un agotamiento de memoria. • http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://osvdb.org/35138 http://secunia.com/advisories/24406 http://secunia.com/advisories/24456 http://secunia.com/advisories/25469 http://secunia.com/advisories/25476 http://secunia.com/advisories/25488 http://secunia.com/advisories/25489 http:// • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 28%CPEs: 25EXPL: 1CVE-2007-1362 – Mozilla Firefox 2.0.0.2 - Document.Cookie Path Argument Denial of Service
https://notcve.org/view.php?id=CVE-2007-1362
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos provocar una denegación de servicio a través de (1) una cookie grande en el parámetro path, lo que dispara un agotamiento de memoria, o (2) un delimitador interno dentro una cookie en los valores path o name, lo que puede disparar una malinterpretación de los datos de una cookie, también conocido como "Path Abuse en las Cookies". • https://www.exploit-db.com/exploits/29720 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://osvdb.org/35140 http://secunia.com/advisories/25476 http://secunia.com/advisories/25490 http://secunia.com/advisories/25533 http://secunia.com/advisories/25534 http://secunia.com/advisories/25559 http://secunia.com/advisories/25635 http://secunia.com/advisories/25647 http://secunia.com/advisories/25685 http://secunia.com/advisories/25750 http:/&#x • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 36%CPEs: 18EXPL: 0CVE-2007-2870
https://notcve.org/view.php?id=CVE-2007-2870
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos evitar la política del "mismo-origen" (same-origin) y llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) u otros ataques, utilizando el método addEventListener para añadir un evento de escucha para un sitio, que es ejecutado en el contexto de ese sitio. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://osvdb.org/35136 http://secunia.com/advisories/25469 http://secunia.com/advisories/25476 http://secunia.com/advisories/25488 http://secunia.com/advisories/25490 http://secunia.com/advisories/25491 http://secunia.com/advisories/25533 http://secunia.com/advisories/25534 http://secunia.com/advisories/25559 http://secunia.com/advisories/25635 http://secunia.com/advisories/25647 http://secunia. •
CVSS: 4.3EPSS: 17%CPEs: 18EXPL: 0CVE-2007-2871 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2871
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos simular o esconder el "browser chrome", como el de la barra de ubicación, mediante la colocación de popups XUL fuera de la ventana que contiene el buscador. NOTA: Esta vulnerabilidad se puede utilizar para ataques de phishing y otros tipos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://osvdb.org/35137 http://secunia.com/advisories/25469 http://secunia.com/advisories/25476 http://secunia.com/advisories/25488 http://secunia.com/advisories/25490 http://secunia.com/advisories/25491 http://secunia.com/advisories/25533 http://secunia.com/advisories/25534 http://secunia.com/advisories/25559 http://secunia.com/advisories/25635 http://secunia.com/advisories/25647 http://secunia. •