
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2007 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414. • http://securityreason.com/securityalert/3216 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.3 • EPSS: 1% • CPEs: 2 • EXPL: 0

24 Sep 2007 — Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 7.5 • EPSS: 2% • CPEs: 88 • EXPL: 0

13 Sep 2007 — Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. • http://0x90.eu/ff_tls_poc.html

CVSS: 9.3 • EPSS: 2% • CPEs: 3 • EXPL: 0

12 Sep 2007 — Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-20: Improper Input Validation

CVSS: 6.5 • EPSS: 4% • CPEs: 1 • EXPL: 2

15 Aug 2007 — Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. • http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing

CVSS: 6.1 • EPSS: 67% • CPEs: 3 • EXPL: 2

08 Aug 2007 — Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. • https://www.exploit-db.com/exploits/30439

CVSS: 9.8 • EPSS: 95% • CPEs: 4 • EXPL: 1

08 Aug 2007 — Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." • https://www.exploit-db.com/exploits/30381

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Jul 2007 — Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. • http://larholm.com/2007/07/25/mozilla-protocol-abuse • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 9.8 • EPSS: 1% • CPEs: 9 • EXPL: 0

27 Jul 2007 — Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. • http://www.kb.cert.org/vuls/id/783400 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 9.8 • EPSS: 54% • CPEs: 5 • EXPL: 0

18 Jul 2007 — Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt