CVSS: 9.8EPSS: 14%CPEs: 22EXPL: 0CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2008-5021
12 Nov 2008 — nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMo... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4934 – kernel: hfsplus: check read_mapping_page() return value
https://notcve.org/view.php?id=CVE-2008-4934
05 Nov 2008 — The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (system crash) via a crafted hfsplus filesystem image. La función hfsplus_block_allocate en el archivo fs/hfsplus/bitmap.c en el kernel de Linux anterior a versión 2.6.28-rc1 no verifica cierto valor de retorno de la función read_mapping_page anterior al llamar a kmap... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=649f1ee6c705aab644035a7998d7b574193a598a • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 35%CPEs: 48EXPL: 1CVE-2008-4582 – Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation
https://notcve.org/view.php?id=CVE-2008-4582
15 Oct 2008 — Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referen... • https://www.exploit-db.com/exploits/32466 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2008-4062 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-4062
24 Sep 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of Jav... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2008-3837 – mozilla: Forced mouse drag
https://notcve.org/view.php?id=CVE-2008-3837
24 Sep 2008 — Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2 y SeaMonkey antes de 1.1.12, permiten a atacantes remotos ayudados por el usuario mover una ventana durante un click de ratón y po... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ •
CVSS: 9.8EPSS: 3%CPEs: 9EXPL: 0CVE-2008-4058 – Mozilla privilege escalation via XPCnativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-4058
24 Sep 2008 — The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. El componente XPConnect en Mozilla Firefox antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17 y SeaMonkey before 1.1.12 permite a atacantes remotos "contaminar XPCNativeWrappers" y ejecutar cód... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 9EXPL: 0CVE-2008-4061 – Mozilla layout engine crash
https://notcve.org/view.php?id=CVE-2008-4061
24 Sep 2008 — Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. Desbordamiento de entero en el componente MathML de Mozilla Firefox antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 2%CPEs: 6EXPL: 0CVE-2008-4063 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-4063
24 Sep 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficie... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html •
CVSS: 6.1EPSS: 13%CPEs: 9EXPL: 1CVE-2008-4065 – Mozilla BOM characters stripped from JavaScript before execution
https://notcve.org/view.php?id=CVE-2008-4065
24 Sep 2008 — Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." Firefox de Mozilla antes de 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 permite a atacantes remotos evitar los mecan... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 2CVE-2008-4067 – resource: traversal vulnerability
https://notcve.org/view.php?id=CVE-2008-4067
24 Sep 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla anterior a 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 en Linux permite a atacantes remotos leer archivos de su elección... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •