
CVE-2008-5104
https://notcve.org/view.php?id=CVE-2008-5104
17 Nov 2008 — Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff • CWE-255: Credentials Management Errors

CVE-2008-5014 – Mozilla crash and remote code execution via __proto__ tampering
https://notcve.org/view.php?id=CVE-2008-5014
13 Nov 2008 — jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-20: Improper Input Validation

CVE-2008-5017 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-5017
13 Nov 2008 — Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-189: Numeric Errors

CVE-2008-5018 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-5018
13 Nov 2008 — The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-399: Resource Management Errors

CVE-2008-5019 – Mozilla XSS via session restore
https://notcve.org/view.php?id=CVE-2008-5019
13 Nov 2008 — The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-5022 – nsXMLHttpRequest::NotifyEventListeners() same-origin violation
https://notcve.org/view.php?id=CVE-2008-5022
13 Nov 2008 — The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-287: Improper Authentication

CVE-2008-5023 – Mozilla -moz-binding property bypasses security checks on codebase principals
https://notcve.org/view.php?id=CVE-2008-5023
13 Nov 2008 — Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-20: Improper Input Validation

CVE-2008-5024 – Mozilla parsing error in E4X default namespace
https://notcve.org/view.php?id=CVE-2008-5024
13 Nov 2008 — Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-91: XML Injection (aka Blind XPath Injection)

CVE-2008-0017 – Mozilla buffer overflow in http-index-format parser
https://notcve.org/view.php?id=CVE-2008-0017
13 Nov 2008 — The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-4989 – gnutls: certificate chain verification flaw
https://notcve.org/view.php?id=CVE-2008-4989
13 Nov 2008 — The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN). • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3215 • CWE-295: Improper Certificate Validation