CVSS: 9.3EPSS: 96%CPEs: 45EXPL: 0CVE-2007-2867 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2867
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. Múltiples vulnerabilidades en el motor de capas del Mozilla Firefox 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, Thunderbird 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos provocar una denegación de servicio (caída) a través de vectores relacionados con punteros suspendidos, corrupción de montículo, con signo/sin signo, y otras cuestiones. • http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://osvdb.org/35134 http://secunia.com/advisories/24406 http://secunia.com/advisories/24456 http://secunia.com/advisories/25469 http://secunia.com/advisories/25476 http://secunia.com/advisories/25488 http://secunia.com/advisories/25489 http:// • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2176
https://notcve.org/view.php?id=CVE-2007-2176
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. ... Una vulnerabilidad no especificada en Mozilla Firefox, permite a atacantes remotos ejecutar código arbitrario por medio de vectores no especificados involucrando errores de Javascript. • http://osvdb.org/38857 http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won •
CVSS: 9.3EPSS: 94%CPEs: 3EXPL: 0CVE-2007-0776
https://notcve.org/view.php?id=CVE-2007-0776
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. Un Desbordamiento de búfer en la región heap de la memoria en la función _cairo_pen_init en Mozilla Firefox versión 2.x anterior a 2.0.0.2, Thunderbird anterior a la versión 1.5.0.10, y SeaMonkey anterior a versión 1.0.8 permite a los atacantes remotos ejecutar código arbitrario por medio de un atributo stroke-width en el elemento clipPath en un archivo SVG. • http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://secunia.com/advisories/24205 http://secunia.com/advisories/24238 http://secunia.com/advisories/24252 http://secunia.com/advisories/24293 http://secunia.com/advisories/24320& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 7EXPL: 0CVE-2007-0777
https://notcve.org/view.php?id=CVE-2007-0777
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. El motor JavaScript de Mozilla Firefox anterior a 1.5.0.10 y 2.x anterior a 2.0.0.2, Thunderbird anterior a 1.5.0.10, y SeaMonkey anterior a 1.0.8 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante determinados vectores que disparan una corrupción de memoria. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errata/RHS • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 96%CPEs: 3EXPL: 1CVE-2007-1092
https://notcve.org/view.php?id=CVE-2007-1092
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. Mozilla Firefox 1.5.0.9 y 2.0.0.1, y SeaMonkey versiones anteriores a 1.0.8 permite a atacantes remotos ejecutar código de su elección mediante gestores Javascript onUnload que modifican la estructura de un documento, lo cual dispara corrupción de memoria debido una deficiencia de un enganche (hook) finalize en objetos DOM tipo window. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://osvdb.org/32103 http://secunia.com/advisories/24333 http://secunia.com/advisories/24343 http://secunia.com/ad •