CVSS: 9.3EPSS: 47%CPEs: 3EXPL: 0CVE-2008-0413 – Mozilla javascript engine crashes
https://notcve.org/view.php?id=CVE-2008-0413
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. El motor JavaScript de Mozilla Firefox versiones anteriores a 2.0.0.12, Thunderbird versiones anteriores a 2.0.0.12, y SeaMonkey versiones anteriores a 1.1.8 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente disparar una corrupción de memoria a través de (1) sentencia switch larga (2) determinados usos de watch y eval, (3) determinados usos del evento de escucha mousedown y otros vectores. • http://browser.netscape.com/releasenotes http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://secunia.com/advisories/28754 http://secunia.com/advisories/28758 http://secunia.com/advisories/28766 http://secunia.com/advisories/28808 http://secunia.com/advisories/28815 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28877 http:/& • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-0415 – Mozilla arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-0415
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." Mozilla Firefox versiones anteriores a 2.0.0.12, Thunderbird versiones anteriores a 2.0.0.12, y SeaMonkey versiones anteriores a 1.1.8, permiten a atacantes remotos ejecutar scripts fuera de la caja de arena (sandbox) y realizar ataques de secuencias de comandos en sitios cruzados (XSS) a través de múltiples vectores incluyendo la función XMLDocument.load, también conocidos como "bugs de escalado de privilegios en JavaScript".< • http://browser.netscape.com/releasenotes http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://secunia.com/advisories/28754 http://secunia.com/advisories/28758 http://secunia.com/advisories/28766 http://secunia.com/advisories/28808 http://secunia.com/advisories/28815 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28877 http:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 3%CPEs: 3EXPL: 1CVE-2008-0418 – Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure
https://notcve.org/view.php?id=CVE-2008-0418
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. Vulnerabilidad de salto de directorio en Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, y SeaMonkey en versiones anteriores a 1.1.8, cuando usa addons "llanos", permite a atacantes remotos leer Javascript, imágenes, y ficheros de hojas de estilo de su elección a través de chrome: URI scheme, tal y como se demostró robando información de la sesión de sessionstore.js. • https://www.exploit-db.com/exploits/31051 http://browser.netscape.com/releasenotes http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://secunia.com/advisories/28622 http://secunia.com/advisories/28754 http://secunia.com/advisories/28766 http://secunia.com/advisories/28808 http://secunia.com/advisories/28815 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 ht • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.3EPSS: 14%CPEs: 2EXPL: 1CVE-2008-0591 – Mozilla information disclosure flaw
https://notcve.org/view.php?id=CVE-2008-0591
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". Mozilla Firefox versiones anteriores a 2.0.0.12 y Thunderbird versiones anteriores a 2.0.0.12, no administra apropiadamente un temporizador de retardo utilizado en los diálogos de confirmación, que podría permitir a atacantes remotos engañar a los usuarios para que confirmen una acción no segura, como la ejecución remota de archivos, mediante el uso de un temporizador para cambiar el enfoque de ventana, también conocido como el "dialog refocus bug" o "ffclick2". • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html http://browser.netscape.com/releasenotes http://lcamtuf.coredump.cx/ffclick2 http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://secunia.com/advisories/28754 http://secunia.com/advisories/28758 http://secunia.com/advisories/28766 http://secunia.com/advisories/28808 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secuni •
CVSS: 4.3EPSS: 59%CPEs: 3EXPL: 0CVE-2007-5340
https://notcve.org/view.php?id=CVE-2007-5340
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. Múltiples vulnerabilidades en el motor de Javascript del Mozilla Firefox anterior al 2.0.0.8, del Thunderbird anterior al 2.0.0.8, y del SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de HTML modificado que dispara una corrupción de memoria. • http://bugs.gentoo.org/show_bug.cgi?id=196481 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27313 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27326 http://secunia.com/advisories&#x • CWE-20: Improper Input Validation •