CVSS: 7.1EPSS: 10%CPEs: 77EXPL: 5CVE-2009-1302 – Firefox 3 Layout engine crashes
https://notcve.org/view.php?id=CVE-2009-1302
22 Apr 2009 — The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) P... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 1%CPEs: 94EXPL: 0CVE-2009-1307 – view-source: protocol
https://notcve.org/view.php?id=CVE-2009-1307
22 Apr 2009 — The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. La implementación view-source: URI en Mozilla Firefox anteriores a v3.0.9, Thun... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 19%CPEs: 77EXPL: 1CVE-2009-1305 – Firefox 2 and 3 JavaScript engine crash
https://notcve.org/view.php?id=CVE-2009-1305
22 Apr 2009 — The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. El motor JavaScript en Mozilla Firefox antes de 3.0.9, Thunderbird antes de 2.0.0.22, y SeaMonkey antes de 1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de la aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 30%CPEs: 77EXPL: 2CVE-2009-1304 – Firefox 3 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1304
22 Apr 2009 — The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. El motor JavaScript en Mozilla Firefox v3.x en anteriores a v3.0.9, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.16 permite a atacantes re... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 6%CPEs: 94EXPL: 1CVE-2009-1312 – Mozilla (Multiple Products) - Server Refresh Header Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1312
22 Apr 2009 — Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. Mozilla Firefox anteriores a v3.0.9 y SeaMonkey no bloquean el código "javascript": URIs en cabeceras "Refresh" ... • https://www.exploit-db.com/exploits/32942 • CWE-16: Configuration •
CVSS: 6.1EPSS: 5%CPEs: 102EXPL: 1CVE-2009-1308 – Firefox XSS hazard using third-party stylesheets and XBL bindings
https://notcve.org/view.php?id=CVE-2009-1308
22 Apr 2009 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox anteriores a 3.0.9, Thunderbird, y SeaMonkey permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediant... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 102EXPL: 0CVE-2009-1306 – jar: scheme ignores the content-disposition: header on the inner URI
https://notcve.org/view.php?id=CVE-2009-1306
22 Apr 2009 — The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. La implementación de jar: URI en Mozilla Firefox anteriores 3.0.9, Thunderbird, y SeaMonkey no cumplen la cabecera "Content-Disposition" de la URI interna, permitiendo a atacan... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-16: Configuration •
CVSS: 6.1EPSS: 1%CPEs: 92EXPL: 1CVE-2009-1310 – Firefox Malicious search plugins can inject code into arbitrary sites
https://notcve.org/view.php?id=CVE-2009-1310
22 Apr 2009 — Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la implementación del plugin MozSearch en Mozilla Firefox anteriores a v3.0.9 permite a atacantes remotos con la intervención del usuario inyectar secuencias de comandos web o HTML de su elección mediante ... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 102EXPL: 0CVE-2009-1309 – Firefox Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString
https://notcve.org/view.php?id=CVE-2009-1309
22 Apr 2009 — Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. Mozilla Firefox anteriores a 3.0.9, Thunderbird, y SeaMonkey no implementan correctamente la política de mismo origen para (1) XMLH... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 73%CPEs: 12EXPL: 3CVE-2009-1232 – Mozilla Firefox 3.0.x - XML Parser Memory Corruption / Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-1232
02 Apr 2009 — Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected. Firefox de Mozilla versiones 3.0.8 y anteriores a 3.0.x, permite a los atacantes remotos causar una denegación de servicio (corrupción de memoria) por medio de un documento XML compuesto por una serie larga de etiquetas de inic... • https://www.exploit-db.com/exploits/8306 • CWE-20: Improper Input Validation •