Page 209 of 1131 results (0.025 seconds)

CVSS: 10.0EPSS: 12%CPEs: 72EXPL: 1

CVE-2008-4070 – Thunderbird cancelled newsgrop messages

https://notcve.org/view.php?id=CVE-2008-4070

Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." Desbordamiento de búfer basado en montículo en Mozilla Thunderbird antes de v2.0.0.17 y SeaMonkey antes de v1.1.12 permite a atacantes remotos causar denegación de servicio (caída de aplicación) o posibilita la ejecución de código de su elección a través de una cabecera larga en un artículo de noticias, relacionados con "cancelación de [a] mensajes de grupos de noticias" y "mensajes de grupos de noticias canceladas." • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/32010 http://secunia.com/advisories/32025 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisories/32092 http://secunia.com/advisories/32196 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com/advisories/34501 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.3EPSS: 96%CPEs: 9EXPL: 1

CVE-2008-4065 – Mozilla BOM characters stripped from JavaScript before execution

https://notcve.org/view.php?id=CVE-2008-4065

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." Firefox de Mozilla antes de 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 permite a atacantes remotos evitar los mecanismos de protección de inyección de secuencias de comandos en sitios cruzados (XSS) y llevar a cabo ataques XSS mediante caracteres de marca de orden de byte (BOM) que son eliminados de código javaScript antes de la ejecución, también conocido como "error de caracteres BOM deshechos" • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 1%CPEs: 10EXPL: 2

CVE-2008-4067 – resource: traversal vulnerability

https://notcve.org/view.php?id=CVE-2008-4067

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla anterior a 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 en Linux permite a atacantes remotos leer archivos de su elección mediante .. (punto punto) y caracteres codificados URL / (barra) en una fuente URI. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-4068 – recource: bypass

https://notcve.org/view.php?id=CVE-2008-4068

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permite a atacantes remotos evitar "restricciones impuestas en archivos HTML locales" y obtener información sensible y a los usuarios de línea de comandos escribir esta información en un archivo, mediante secuencias de salto de directorio en un URI fuente. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 2%CPEs: 132EXPL: 0

CVE-2008-3835 – mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation

https://notcve.org/view.php?id=CVE-2008-3835

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. La función nsXMLDocument::OnChannelRedirect en Firefox de Mozilla antes de 2.0.0.17, Thunderbird antes de 2.0.0.17 y SeaMonkey antes de 1.1.12 permite a atacantes remotos evitar "Same Origin Policy (Política de Mismo Origen)" y ejecutar código javaScript de su elección mediante desconocidos. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •