
CVE-2008-2785 – Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2785
19 Jun 2008 — Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. • http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation • CWE-189: Numeric Errors •

CVE-2008-2419 – Mozilla Firefox 2.0.0.14 - JSframe Heap Corruption Denial of Service
https://notcve.org/view.php?id=CVE-2008-2419
23 May 2008 — Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence. • https://www.exploit-db.com/exploits/31817 • CWE-399: Resource Management Errors •

CVE-2008-2014
https://notcve.org/view.php?id=CVE-2008-2014
30 Apr 2008 — Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. • http://es.geocities.com/jplopezy/pruebamozilla.html • CWE-399: Resource Management Errors •

CVE-2008-1380 – Firefox JavaScript garbage collection crash
https://notcve.org/view.php?id=CVE-2008-1380
17 Apr 2008 — The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-399: Resource Management Errors •

CVE-2008-1240
https://notcve.org/view.php?id=CVE-2008-1240
28 Mar 2008 — LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. NOTE: this is closely related to CVE-2008-1195. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html •

CVE-2008-1233 – Mozilla products XPCNativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-1233
27 Mar 2008 — Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2008-1234 – universal XSS using event handlers
https://notcve.org/view.php?id=CVE-2008-1234
27 Mar 2008 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2008-1235 – chrome privilege via wrong principal
https://notcve.org/view.php?id=CVE-2008-1235
27 Mar 2008 — Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html •

CVE-2008-1236 – browser engine crashes
https://notcve.org/view.php?id=CVE-2008-1236
27 Mar 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-399: Resource Management Errors •

CVE-2008-1237 – javascript crashes
https://notcve.org/view.php?id=CVE-2008-1237
27 Mar 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-399: Resource Management Errors •