CVSS: 9.8EPSS: 95%CPEs: 4EXPL: 1CVE-2007-3845 – Multiple Browsers - URI Handlers Command Injection
https://notcve.org/view.php?id=CVE-2007-3845
08 Aug 2007 — Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." Mozilla Firefox anterior a 2.0.0.6, Thunderbird ante... • https://www.exploit-db.com/exploits/30381 •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4038
https://notcve.org/view.php?id=CVE-2007-4038
27 Jul 2007 — Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. Una vulnerabilidad de inyección de argumentos en Mozilla Firefox versiones anteriores a 2.0.0.5, c... • http://larholm.com/2007/07/25/mozilla-protocol-abuse • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 88%CPEs: 10EXPL: 0CVE-2007-3734
https://notcve.org/view.php?id=CVE-2007-3734
18 Jul 2007 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades no especificadas en el motor de navegador Mozilla Firefox versiones anteriores 2.0.0.5 y Thunderbird versiones anteriores a 2.0.0.5 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante vectores no especificados que d... • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt •
CVSS: 9.3EPSS: 66%CPEs: 10EXPL: 0CVE-2007-3735
https://notcve.org/view.php?id=CVE-2007-3735
18 Jul 2007 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades no especificadas en el motor JavaScript de Mozilla Firefox anterior a 2.0.0.5 y Thunderbird anterior a 2.0.0.5 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante vectores no especificados que disparan una corrup... • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt •
CVSS: 9.8EPSS: 95%CPEs: 33EXPL: 0CVE-2007-2868
https://notcve.org/view.php?id=CVE-2007-2868
01 Jun 2007 — Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. Múltiples vulnerabilidades en el motor de JavaScript para el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, el Thunderbird 1.5.x anterior al 1... • http://fedoranews.org/cms/node/2747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 97%CPEs: 45EXPL: 0CVE-2007-2867 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2867
01 Jun 2007 — Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. Múltiples vulnerabilidades en el motor de capas del Mozilla Firefox 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, Thunderbird 1.5.x anterior al 1.5.0.... • http://fedoranews.org/cms/node/2747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 75%CPEs: 42EXPL: 0CVE-2007-1282
https://notcve.org/view.php?id=CVE-2007-1282
06 Mar 2007 — Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. Desbordamiento de entero en Mozilla Thunderbird anterior a 1.5.0.10 y SeaMonkey anterior a 1.0.8 permite a atacantes remotos disparar un desbordamiento de búfer y posiblemente ejecutar código de su elección mediante un mensaje de correo electrónico de tipo te... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc •
CVSS: 8.1EPSS: 91%CPEs: 10EXPL: 0CVE-2007-0009 – NSS: SSLv2 protocol buffer overflows
https://notcve.org/view.php?id=CVE-2007-0009
26 Feb 2007 — Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. Un desbordamiento de búfer en la región stack de la memoria en el soporte SSLv2 en Mozilla Network Security Services (NSS) anterior a v... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 96%CPEs: 86EXPL: 0CVE-2007-0008 – NSS: SSLv2 protocol buffer overflows
https://notcve.org/view.php?id=CVE-2007-0008
26 Feb 2007 — Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Un subdesbordamiento de enteros en el sopor... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 94%CPEs: 7EXPL: 0CVE-2007-0777
https://notcve.org/view.php?id=CVE-2007-0777
26 Feb 2007 — The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. El motor JavaScript de Mozilla Firefox anterior a 1.5.0.10 y 2.x anterior a 2.0.0.2, Thunderbird anterior a 1.5.0.10, y SeaMonkey anterior a 1.0.8 permite a atacantes remotos provocar una denegación de servicio (caída) y posib... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •