CVSS: 9.8EPSS: 77%CPEs: 24EXPL: 0CVE-2008-2801 – Firefox arbitrary signed JAR code execution
https://notcve.org/view.php?id=CVE-2008-2801
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10, no implementan de forma correcta las firmas JAR, esto permite a atacantes remotos ejecutar código de su elección mediante (1) la inyección de JavaScript en ... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-287: Improper Authentication •
CVSS: 8.1EPSS: 3%CPEs: 36EXPL: 0CVE-2008-2806
https://notcve.org/view.php?id=CVE-2008-2806
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. Mozilla Firefox anterior a v2.0.0.15 y SeaMonkey anterior a v1.1.10 sobre Mac OS X, permite a atacantes remotos evitar la misma política de origen y crear conexiones con socket de su elección a través de un applet Java manipulado, relacionado con el Ja... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 0CVE-2008-2800 – Firefox XSS attacks
https://notcve.org/view.php?id=CVE-2008-2800
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest. Mozilla Firefox anteriores a 2.0.0.15 y SeaMonkey anterior a 1.1.10, permite a atacantes remotos saltar el Same Origin Policy y conducir un ataque de secu... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 91%CPEs: 37EXPL: 0CVE-2008-2799 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2799
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en versiones de Mozilla Firefox anteriores a la 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a la 1.1.10, que permiten a los atacantes remotos causa... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 91%CPEs: 37EXPL: 0CVE-2008-2798 – Firefox malformed web content flaws
https://notcve.org/view.php?id=CVE-2008-2798
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. Múltiples vulnerabilidades en Mozilla Firefox anterior a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores y SeaMonkey anterior 1.1.10, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y p... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 0CVE-2008-2805 – Firefox arbitrary file disclosure
https://notcve.org/view.php?id=CVE-2008-2805
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 , permiten a atacantes remotos forzar la subida de ficheros locales desde un ordenador cliente, mediante los vectores que incluyen originalTarget y DOM Range. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 24EXPL: 0CVE-2008-2807 – Firefox .properties memory leak
https://notcve.org/view.php?id=CVE-2008-2807
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file. Mozilla Firefox y versiones anteriores a la 2.0.0.15 y SeaMonkey y versiones anteriores a la 1.1.10 que no gestionan correctamente una propiedad inválida de un fichero para un complemento, el cual permite a los atacantes remot... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.1EPSS: 1%CPEs: 64EXPL: 0CVE-2008-2808 – Firefox file location escaping flaw
https://notcve.org/view.php?id=CVE-2008-2808
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o te... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 59%CPEs: 37EXPL: 0CVE-2008-2811 – Firefox block reflow flaw
https://notcve.org/view.php?id=CVE-2008-2811
07 Jul 2008 — The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. La implemetación del bloque "reflow" en Mozilla Firefox anterior a v2.0.0.15, Thunderbird 2.0.0.14 y anteriores y SeaMonkey anterior a v1.1.10, permite a atacantes remotos ... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-2786
https://notcve.org/view.php?id=CVE-2008-2786
19 Jun 2008 — Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes. Desbordamiento de Búfer en Firefox 3.0 y 2.0 tiene un impacto y vectores de ataque desconocidos. NOTA: debido a la ausencia de detalles 20080619, no está claro si es el mismo problema que la CVE-2008-2785. • http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062832.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •