CVE-2008-5507 – Firefox Cross-domain data theft via script redirect error message
https://notcve.org/view.php?id=CVE-2008-5507
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. • http://scary.beasts.org/security/CESA-2008-011.html http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2008-5500 – Layout engine crashes - Firefox 2 and 3
https://notcve.org/view.php?id=CVE-2008-5500
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-399: Resource Management Errors
CVE-2008-5511 – Firefox XSS via XBL bindings to unloaded document
https://notcve.org/view.php?id=CVE-2008-5511
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-5430
https://notcve.org/view.php?id=CVE-2008-5430
Mozilla Thunderbird 2.0.14 does not properly handle (1) multipart/mixed e-mail messages with many MIME parts and possibly (2) e-mail messages with many "Content-type: message/rfc822;" headers, which might allow remote attackers to cause a denial of service (stack consumption or other resource consumption) via a large e-mail message, a related issue to CVE-2006-1173. • http://mime.recurity.com/cgi-bin/twiki/view/Main/AttackIntro http://www.securityfocus.com/archive/1/499038/100/0/threaded http://www.securityfocus.com/archive/1/499045/100/0/threaded http://www.securityfocus.com/bid/32869 • CWE-399: Resource Management Errors
CVE-2008-5052
https://notcve.org/view.php?id=CVE-2008-5052
The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger memory corruption, as demonstrated by e4x/extensions/regress-410192.js. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:228 http://www.mandriva.com/security/advisories?name=MDVSA-2008:235 http://www.mozilla.org/security/announce/2008/mfsa2008-52.html http://www.securityfocus.com/bid/32281 http://www.securitytracker.com/id?1021183 http://www.us-cert.gov/cas/techalerts/TA08-319A.html http://www.vupen.com/english/advisories/2008/3146 https://bugzilla.mozilla.org/show_ • CWE-399: Resource Management Errors