CVSS: 10.0EPSS: 86%CPEs: 70EXPL: 1CVE-2008-0016 – Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0016
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. Desbordamiento de búfer basado en pila en la implementación de análisis URL de Firefox de Mozilla antes de 2.0.0.17 y SeaMonkey antes de 1.1.12 permite a atacantes remotos ejecutar código de su elección mediante un URL UTF-8 manipulado en un enlace. • https://www.exploit-db.com/exploits/9663 http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisories/32092 http://secunia.com&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.3EPSS: 25%CPEs: 6EXPL: 0CVE-2008-4063 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-4063
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. Múltiples vulnerabilidades sin especificar en Mozilla Firefox 3.x antes de 3.0.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con el motor de diseño y (1) un valor cero de la variable "this" en la función nsContentList::Item; (2) la interacción de la extensión indic IME, una selección de lenguaje Hindú, y el caracter "g"; y (3) la interacción en la función nsFrameList::SortByContentOrder con una cierta protección insuficiente de marcos inline. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31987 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisories/32089 http://secunia.com/advisories/32095 http://secunia.com/advisories/32096 http://secunia.com/advisories/32196 http://secunia.com/advisories/34501 http:// •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2008-3837 – mozilla: Forced mouse drag
https://notcve.org/view.php?id=CVE-2008-3837
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2 y SeaMonkey antes de 1.1.12, permiten a atacantes remotos ayudados por el usuario mover una ventana durante un click de ratón y posiblemente forzar una descarga de archivos u otras acciones "arrastrar y soltar", mediante una acción onmousedown manipulada que llama a window.moveBy, una variante de CVE-2003-0823. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32089 http://secunia.com/advisorie •
CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 4CVE-2008-3533 – Yelp 2.23.1 - Invalid URI Format String
https://notcve.org/view.php?id=CVE-2008-3533
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. Vulnerabilidad de cadena de formato en la función window_error de yelp-window.c en yelp de Gnome después de 2.19.90 y antes de 2.24 permite a atacantes remotos ejecutar código de su elección mediante especificadores de formato de cadena en un URI no válido en línea de comandos, como se demostró utilizando yelp en los controladores URI (1) man o (2) ghelp en Firefox, Evolution y otros programas no especificados. • https://www.exploit-db.com/exploits/32248 http://bugzilla.gnome.org/attachment.cgi?id=115890 http://bugzilla.gnome.org/show_bug.cgi?id=546364 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://secunia.com/advisories/31465 http://secunia.com/advisories/31620 http://secunia.com/advisories/31834 http://secunia.com/advisories/32629 http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 http://www.securityfocus.com/bid/30690 http://www.ubun • CWE-134: Use of Externally-Controlled Format String •
CVSS: 10.0EPSS: 66%CPEs: 37EXPL: 0CVE-2008-2799 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2799
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en versiones de Mozilla Firefox anteriores a la 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a la 1.1.10, que permiten a los atacantes remotos causar una denegación de servicios (caída de la aplicación) y posiblemente ejecutar arbitrariamente código a través de vectores desconocidos relativos a JavaScript Engine • name=MDVSA-2008:155 http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.15 http://www.mozilla.org/security/announce/2008/mfsa2008-21.html http://www.redhat.com/support/errata/RHSA-2008-0547.html http://www.redhat.com/support/errata/RHSA-2008-0549.html http://www.redhat.com/support/errata/RHSA-2008-0569.html http://www.securityfocus.com/archive/1/494080/100/0/threaded http://www.securityfocus.com/bid/30038 http://www.securitytracker.com/id? • CWE-399: Resource Management Errors •