CVSS: 4.3EPSS: 0%CPEs: 102EXPL: 0CVE-2009-1309 – Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
https://notcve.org/view.php?id=CVE-2009-1309
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. Mozilla Firefox anteriores a 3.0.9, Thunderbird, y SeaMonkey no implementan correctamente la política de mismo origen para (1) XMLHttpRequest, suponiendo una perdida del documento principal, y (2) XPCNativeWrapper.toString, suponiendo un alcance _proto_ incorrecto, permitiendo a atacantes remotos con la intervención del usuario realizar ataques de secuencias de comandos en sitios cruzados (XSS) y posiblemente otros ataques al utilizar documentos manipulados. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35536 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 h • CWE-16: Configuration •
CVSS: 6.8EPSS: 26%CPEs: 77EXPL: 2CVE-2009-1304 – Firefox 3 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1304
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. El motor JavaScript en Mozilla Firefox v3.x en anteriores a v3.0.9, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.16 permite a atacantes remotos producir una denegación de servicio (caída de aplicación) y posiblemente iniciar una corrupción de memoria a través de vectores relacionados con (1) js_FindPropertyHelper, relacionado con las definiciones de "Math" y "Date"; (2) js_CheckRedeclaration. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35602 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 http://www.debian.org/security/2009/dsa-1797 http://www.mandriva.com/security/advisories& • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 14%CPEs: 77EXPL: 1CVE-2009-1305 – Firefox 2 and 3 JavaScript engine crash
https://notcve.org/view.php?id=CVE-2009-1305
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. El motor JavaScript en Mozilla Firefox antes de 3.0.9, Thunderbird antes de 2.0.0.22, y SeaMonkey antes de 1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente disparar una corrupción de memoria mediante vectores en relación con JSOP_DEFVAR y con las propiedades que carecen del atributo JSPROP_PERMANENT. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35536 http://secunia.com/advisories/35602 http://sunsolve.sun.com/search&# • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 88EXPL: 0CVE-2009-0774 – Firefox 2 and 3 crashes in the JavaScript engine
https://notcve.org/view.php?id=CVE-2009-0774
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. El motor de diseño en Mozilla Firefox 2 y 3 anterior a v3.0.7, Thunderbird anterior a v2.0.0.21, y SeaMonkey v1.1.15, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente la ejecución de código de su elección a través de vectores relacionados con "gczeal". Vulnerabilidad distinta de CVE-2009-0773. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34387 http://secunia.com/advisories/34417 http://secunia.com/advisories/34462 http://sec • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 16%CPEs: 88EXPL: 0CVE-2009-0772 – Firefox 2 and 3 - Layout engine crashes
https://notcve.org/view.php?id=CVE-2009-0772
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. El motor en Mozilla Firefox 2 y 3 anteriores v3.0.7, Thunderbird anteriores a v2.0.0.21, y SeaMonkey v1.1.15 permite a los atacantes remotos causar una denegación de servicios (caída) y posiblemente ejecutar arbitrariamente código a través de vectores relativos a nsCSSStyleSheet::GetOwnerNode, eventos, y recolección de basura, lo que lanza una corrupción de memoria • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34387 http://secunia.com/advisories/34417 http://secunia.com/advisories/34462 http://sec • CWE-399: Resource Management Errors •