Page 124 of 672 results (0.020 seconds)

CVSS: 5.0EPSS: 8%CPEs: 29EXPL: 0

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades sin especificar en el motor de JavaScript en el Mozilla Firefox anterior al 1.5.0.8, en el Thunderbird anterior al 1.5.0.8 y en el SeaMonkey anterior al 1.0.6 permiten a atacantes remotos provocar una denegación de servicio (caída) y la posibilidad de ejecutar código de su elección a través de vectores sin especificar que disparan una corrupción de memoria. • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://rhn.redhat.com/errata/RHSA-2006-0733.html http://rhn.redhat.com/errata/RHSA-2006-0734.html http://rhn.redhat.com/errata/RHSA-2006-0735.html http://secunia.com/advisories/22066 http://secunia.com/advisories/22722 http://secunia.com/advisories/22727 http://secunia.com/advisories/22737 http://secunia.com/advisories/22763 http://secunia.com/advisories/22770 http://secunia.com/advisories/22774 http& •

CVSS: 5.0EPSS: 40%CPEs: 3EXPL: 6

Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference. Firefox 1.5.0.7 y 2.0, y Seamonkey 1.1b, permite a atacantes remotos provocar una denegación de servicio (caída) creando un objeto rango usando createRange, llamando a selectNode en un nodo DocType (DOCUMENT_TYPE_NODE), y después llamando a createContextualFragment en el rango, lo cual dispara una referencia nula. NOTA: el post original en Bugtraq mencionaba que la ejecución de código era posible, pero análisis posteriores han mostrado que es sólo una referencia nula. • https://www.exploit-db.com/exploits/2695 http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050416.html http://www.gotfault.net/research/advisory/gadv-firefox.txt http://www.securityfocus.com/archive/1/450155/100/0/threaded http://www.securityfocus.com/archive/1/450167/100/0/threaded http://www.securityfocus.com/archive/1/450168/100/0/threaded http://www.securityfocus.com/archive/1/450682/100/200/threaded http://www.securityfocus.com/archive/1/452803/100/0/ •

CVSS: 10.0EPSS: 49%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data. Múltiples vulnerabilidades no especificadas en FireFox anteriores a 1.5.0.7, Thunderbird anteriores 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto provocar denegación de servicio(crash), corrupción de memoria, y posiblemente ejecutar código de su elección a través de vectores no especificados, algunos de los cuales implican JavaScript, y posiblemente imágenes grandes o adición de datos. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22036 http://secunia.com/advisories/22055 http:/& •

CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 0

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. Mozilla FireFox anterior a 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto evitar el modelo de seguridad e inyectar contenidos dentro de una sub-estructura de otro sitio a través de targetWindow.frames[n].document.open(), el cual facilita la suplantación y otros ataques. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22036 http://secunia.com/advisories/22056 http://secunia.com/advisories/22066 http://secunia.com/advisories/22195 http:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 5%CPEs: 2EXPL: 0

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message. Mozilla thunderbird anteriores a 1.5.0.7 y SeaMonkey anterior a 1.0.5, con la "carga de imágenes" (Load Images) habilitada, permite a un atacante remoto con la complicidad del usuario evitar la configuración que deshabilita el JavaScript a través de un fichero remoto XBL en un mensaje que se carga cuando el usuario mira y reenvía o responde al mensaje original. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/22036 http://secunia.com/advisories/22055 http://secunia.com/advisories/22056 http://secunia.com/advisories/22074 http://secunia.com/advisories/22088 http://secunia.com/advisories/22247 http://secunia.com/advisories/22274 http:/& •