Page 17 of 98 results (0.008 seconds)

CVSS: 10.0EPSS: 7%CPEs: 3EXPL: 1

Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. Mozilla (suite) anteriores a 1.7.1 y Firefox anteriores a 0.9.2, y Thunderbird anteriores a 0.7.2 permiten a atacantes remotos lanzar programas arbitrarios mediante una URI referenciando el protocolo shell: • https://www.exploit-db.com/exploits/24263 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023573.html http://marc.info/?l=bugtraq&m=108938712815719&w=2 http://secunia.com/advisories/12027 http://www.ciac.org/ciac/bulletins/o-175.shtml http://www.kb.cert.org/vuls/id/927014 http://www.mozilla.org/projects/security/known-vulnerabilities.html http://www.mozilla.org/security/shell.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16655 •

CVSS: 7.5EPSS: 1%CPEs: 17EXPL: 1

Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Mozilla permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto codificado) en una URL, lo que hace que Mozilla envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 http://www.redhat.com/support/errata/RHSA-2004-112.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917 https://oval.cisecurity.org/repository/search/definition/oval& •

CVSS: 6.8EPSS: 1%CPEs: 32EXPL: 1

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. Mozilla 1.4.2 ejecuta eventos de Javascript en el contexto de una nueva página mientras se está cargando, permitiéndolo interactuar con la página anterior ("documento zombi") y posibilitando ataques de secuencias de comandos en sitios cruzados (XSS), como se ha demostrado usando eventos onmousemove. • http://bugzilla.mozilla.org/show_bug.cgi?id=227417 http://marc.info/?l=bugtraq&m=107774710729469&w=2 http://marc.info/?l=bugtraq&m=108448379429944&w=2 http://www.osvdb.org/4062 http://www.redhat.com/support/errata/RHSA-2004-110.html http://www.redhat.com/support/errata/RHSA-2004-112.html http://www.securityfocus.com/bid/9747 https://exchange.xforce.ibmcloud.com/vulnerabilities/15322 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874 •

CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 0

The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed. • http://secunia.com/advisories/11103 http://www.mandriva.com/security/advisories?name=MDKSA-2004:021 http://www.osvdb.org/8390 http://www.securityfocus.com/advisories/6979 http://www.securityfocus.com/bid/9322 https://bugzilla.mozilla.org/show_bug.cgi?id=221526 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Mozilla 1.3 y 1.4a permite que servidores IMAP remotos dañinos originen una denegación de servicio (y posiblemente ejecuten código arbitrario) mediante ciertos tamaños muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •