CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2008-4068 – recource: bypass
https://notcve.org/view.php?id=CVE-2008-4068
24 Sep 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey ... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 6%CPEs: 70EXPL: 0CVE-2008-4069 – Mozilla XBM decoder information disclosure
https://notcve.org/view.php?id=CVE-2008-4069
24 Sep 2008 — The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. El decodificador XBM de Firefox de Mozilla antes del 2.0.0.17 y SeaMonkey anterior a 1.1.12 permite a atacantes remotos leer memoria no inicializada y posiblemente obtener información sensible en circunstancias oportunas mediante un archivo de imagen XBM manipulado. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2008-3444
https://notcve.org/view.php?id=CVE-2008-3444
04 Aug 2008 — The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." El componente de diseño de contenido de Mozilla Firefox 3.0 y 3.0.1, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de una página web manipulada pero bien formada que contiene ... • http://blog.mozilla.com/security/2008/07/30/low-risk-denial-of-service-in-firefox • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 7%CPEs: 3EXPL: 1CVE-2008-2934
https://notcve.org/view.php?id=CVE-2008-2934
18 Jul 2008 — Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. Mozilla Firefox 3 anterior a la versión 3.0.1 sobre Mac OS X permite a atacante remotos causar una denegación de servicio (Con caida de la aplicación) o posiblemente ejecutar codigo arbitrario mediante un fichero GIF manipulado que ocasiona la liberacion de un puntero no inicializado. • http://secunia.com/advisories/31132 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 1%CPEs: 63EXPL: 0CVE-2008-2933 – Firefox command line URL launches multi-tabs
https://notcve.org/view.php?id=CVE-2008-2933
17 Jul 2008 — Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. Mozilla Firefox en versiones anteriores a 2.0.0.16 y 3.x ante... • http://secunia.com/advisories/31106 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 0CVE-2008-3198
https://notcve.org/view.php?id=CVE-2008-3198
17 Jul 2008 — Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933. Mozilla Firefox en versiones 3.x anteriores a 3.0.1 que permiten a los atacantes remotos insertar código arbitrario de secuencia de comandos web dentro de un documento chrome a través de vectores no especificados, como se demuestra por inyección en ... • http://www.mozilla.org/security/announce/2008/mfsa2008-35.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.8EPSS: 2%CPEs: 18EXPL: 0CVE-2008-2809 – Firefox self signed certificate flaw
https://notcve.org/view.php?id=CVE-2008-2809
08 Jul 2008 — Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. Mozilla 1.9 M8 y anteriores, Mozi... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 31%CPEs: 37EXPL: 0CVE-2008-2803 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2803
07 Jul 2008 — The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. La función mozIJSSubScriptLoader.LoadScript en Mozilla Firefox anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anter... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 79%CPEs: 37EXPL: 0CVE-2008-2802 – Firefox arbitrary JavaScript code execution
https://notcve.org/view.php?id=CVE-2008-2802
07 Jul 2008 — Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." Mozilla Firefox y versiones anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey y anteriores a 1.1.10 permiten a los atacantes remotos ejecutar código arbitrario a través de un documento XUL que incluye una secuenc... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 1%CPEs: 24EXPL: 0CVE-2008-2810 – Firefox arbitrary file disclosure
https://notcve.org/view.php?id=CVE-2008-2810
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10, no identifican correctamente el contexto de los ficheros de acceso de directo de Windows, esto permite a atacantes remotos con la ayuda del usuario evitar el Same Origin... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •