Page 205 of 1159 results (0.008 seconds)

CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v3.12.3 no tratan apropiadamente un carácter '\0' en un nombre de dominio en el campo nombre común (CN) del asunto de un certificado X.509, que permite a un atacante de hombre-en-el-medio suplantar servidores SSL arbitrarios a través de un certificado manipulado por una autoridad de certificación. • http://isc.sans.org/diary.html?storyid=7003 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://marc.info/?l=oss-security&m=125198917018936&w=2 http://osvdb.org/56723 http://secunia.com/advisories/36088 http://secunia.com/advisories/36125 http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/36669 http://secunia.com/advisories/37098 http://sunsolve.sun.com • CWE-295: Improper Certificate Validation •

CVSS: 5.0EPSS: 3%CPEs: 185EXPL: 2

Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Mozilla Firefox anteriores a v2.0.0.19 y v3.x anteriores a v3.0.5, SeaMonkey y Thunderbird permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-2009-1692. • https://www.exploit-db.com/exploits/9160 http://www.exploit-db.com/exploits/9160 http://www.g-sec.lu/one-bug-to-rule-them-all.html http://www.securityfocus.com/archive/1/504969/100/0/threaded http://www.securityfocus.com/archive/1/504988/100/0/threaded http://www.securityfocus.com/archive/1/504989/100/0/threaded http://www.securityfocus.com/archive/1/505006/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=460713 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 9%CPEs: 108EXPL: 0

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. Mozilla Thunderbird en versiones anteriores a la 2.0.0.22 y SeaMonkey en versiones anteriores a la 1.1.17 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código de su elección mediante mensaje de correo eléctronico multipart/alternative que contenga una parte text/enhanced que dispara el acceso a un tipo de objeto incorrecto. • http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35633 http://secunia.com/advisories/35882 http://securitytracker.com/id?1022433 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408 http://www.debian.org/security/2009/dsa-1830 http://www.mandriva.com/security/advisories?name=MDVSA-2009:141 http://www.mozilla.org/security/announce/2009/mfsa2009-33.html http://www.redhat.com/support/errat •

CVSS: 9.3EPSS: 1%CPEs: 202EXPL: 0

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. js/src/xpconnect/src/xpcwrappedjsclass.cpp en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anterior a v1.1.17 permite a atacantes remotos ejecutar secuencias de comandos web de forma arbitraria con los privilegios de un objeto "chrome", como se ha demostrado en la barra lateral del navegador y el FeedWriter. • http://osvdb.org/55159 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 14%CPEs: 202EXPL: 2

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar codigo arbitrario a traves de vectores que incluyen "construccion de doble marco". • http://osvdb.org/55148 http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http://securitytracker.com/id?1022376 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 • CWE-94: Improper Control of Generation of Code ('Code Injection') •