
CVE-2008-0420 – Mozilla information disclosure flaw
https://notcve.org/view.php?id=CVE-2008-0420
12 Feb 2008 — modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of uninitialized memory via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers ... • http://browser.netscape.com/releasenotes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2008-0591 – Mozilla information disclosure flaw
https://notcve.org/view.php?id=CVE-2008-0591
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 do not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html •

CVE-2008-0418 – Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure
https://notcve.org/view.php?id=CVE-2008-0418
08 Feb 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary JavaScript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. • https://www.exploit-db.com/exploits/31051 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2008-0415 – Mozilla arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-0415
08 Feb 2008 — Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." • http://browser.netscape.com/releasenotes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-0413 – Mozilla javascript engine crashes
https://notcve.org/view.php?id=CVE-2008-0413
08 Feb 2008 — The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors •

CVE-2008-0412 – Mozilla layout engine crashes
https://notcve.org/view.php?id=CVE-2008-0412
08 Feb 2008 — The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn method... • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors •

CVE-2007-5339
https://notcve.org/view.php?id=CVE-2007-5339
21 Oct 2007 — Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. • http://bugs.gentoo.org/show_bug.cgi?id=196481 • CWE-20: Improper Input Validation •

CVE-2007-5340
https://notcve.org/view.php?id=CVE-2007-5340
21 Oct 2007 — Multiple vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. • http://bugs.gentoo.org/show_bug.cgi?id=196481 • CWE-20: Improper Input Validation •

CVE-2007-4841
https://notcve.org/view.php?id=CVE-2007-4841
12 Sep 2007 — Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-20: Improper Input Validation •

CVE-2007-3844 – Mozilla Firefox/Thunderbird/SeaMonkey - Chrome-Loaded About:Blank Script Execution
https://notcve.org/view.php?id=CVE-2007-3844
08 Aug 2007 — Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. • https://www.exploit-db.com/exploits/30439 •