CVSS: 10.0EPSS: 45%CPEs: 9EXPL: 0CVE-2008-4061 – Mozilla layout engine crash
https://notcve.org/view.php?id=CVE-2008-4061
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. Desbordamiento de entero en el componente MathML de Mozilla Firefox antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección mediante un elemento mtd con un valor entero grande en el atributo rowspan, relacionados con el motor de diseño. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 9EXPL: 0CVE-2008-4062 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-4062
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. Múltiples vulnerabilidades sin especificar en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con el motor javaScript y (1) una mala interpretación de las características de Namespace y QName en jsxml.c, (2) un mal uso de enteros con signo en la función nsEscapeCount de nsEscape.cpp, y (3) la interacción de una colección de basura JavaScript con un cierto uso de NPObject en la función nsNPObjWrapper::GetNewOrUsed de nsJSNPRuntime.cpp. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 66%CPEs: 37EXPL: 0CVE-2008-2799 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2799
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en versiones de Mozilla Firefox anteriores a la 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a la 1.1.10, que permiten a los atacantes remotos causar una denegación de servicios (caída de la aplicación) y posiblemente ejecutar arbitrariamente código a través de vectores desconocidos relativos a JavaScript Engine • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 29%CPEs: 37EXPL: 0CVE-2008-2803 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2803
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. La función mozIJSSubScriptLoader.LoadScript en Mozilla Firefox anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a 1.1.10no aplican XPCNativeWrappers a las secuencias de comandos cargadas desde (1) file: URIs, (2) data: URIs, o (3) certain non-canonical chrome: URIs, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores que implican accesorios de terceros. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 43%CPEs: 37EXPL: 0CVE-2008-2811 – Firefox block reflow flaw
https://notcve.org/view.php?id=CVE-2008-2811
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. La implemetación del bloque "reflow" en Mozilla Firefox anterior a v2.0.0.15, Thunderbird 2.0.0.14 y anteriores y SeaMonkey anterior a v1.1.10, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen cuyo tamaño muestra más píxels que los indicados en nscoord_MAX, relacionado con nsBlockFrame::DrainOverflowLines. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-399: Resource Management Errors •