CVSS: 10.0EPSS: 45%CPEs: 70EXPL: 0CVE-2009-0352 – Firefox layout crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0352
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function. Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x antes de 3.0.6, Thunderbird antes de 2.0.0.21, y SeaMonkey antes de 1.1.15, permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con el diseño del motor y la destrucción arbitraria de objetos de diseño por la función nsViewManager::Composite. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33802 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 48%CPEs: 70EXPL: 0CVE-2009-0353 – Firefox javascript crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0353
Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine. Vulnerabilidad sin especificar en Mozilla Firefox v3.x anterior a v3.0.6, Thunderbird anterior a v2.0.0.21, y SeaMonkey anterior a v1.1.15 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación)o posiblemente ejecutar código de su elección a través de vectores relacionados con el motor JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33802 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 • CWE-399: Resource Management Errors •
CVSS: 2.6EPSS: 4%CPEs: 54EXPL: 0CVE-2008-5503 – Firefox 2 Information stealing via loadBindingDocument
https://notcve.org/view.php?id=CVE-2008-5503
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. La función loadBindingDocument en Mozilla Firefox 2.x antes de v2.0.0.19, Thunderbird 2.x antes de v2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 no realiza ninguna comprobación de seguridad relacionada con la política de mismo dominio, que permite a atacantes remotos leer o acceder a datos de otros dominios mediante vínculos XBL manipulados. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33189 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com/advisories/33523 http://secunia.com/advisories/33547 http:/& •
CVSS: 5.0EPSS: 75%CPEs: 42EXPL: 0CVE-2008-5016 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-5016
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. El motor de diseño en Mozilla Firefox 3.x versiones anteriores a v3.0.4, Thunderbird 2.x versiones anteriores a v2.0.0.18, y SeaMonkey 1.x versiones anteriores a v1.1.13 permite a atacantes remotos provocar una denegación de servicio (caída) a través de múltiples vectores que disparan un fallo de evaluación u otras consecuencias. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://ubuntu.com/usn/usn-667-1 http://www&# • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 144EXPL: 0CVE-2008-5012 – Mozilla Image stealing via canvas and HTTP redirect
https://notcve.org/view.php?id=CVE-2008-5012
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. Mozilla Firefox 2.x versiones anteriores a v2.0.0.18, Thunderbird 2.x versiones anteriores a v2.0.0.18, y SeaMonkey 1.x versiones anteriores a v1.1.13 no cambia apropiadamente la URI origen cuando procesa un elemento CANVAS y una redirección HTTP, lo cual permite a atacantes remotos evitar las mismas políticas de origen e imágenes aleatorias de acceso que no son directamente accesibles por el atacante. NOTA: esta cuestión se puede utilizar para enumerar software en un cliente mediante redirecciones realizadas con moz-icon. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://scary.beasts.org/security/CESA-2008-009.html http://scarybeastsecurity.blogspot.com/2008/11/firefox-cross-domain-image-theft-and.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •