CVSS: 10.0EPSS: 17%CPEs: 88EXPL: 0CVE-2009-0775 – Mozilla Firefox XUL Linked Clones Double Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-0775
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. Vulnerabilidad de doble liberación en Mozilla Firefox anteriores a v3.0.7, Thunderbird anteriores a v2.0.0.21, y SeaMonkey anteriores a v1.1.15 permite a atacantes remotos ejecutar código a su elección a través de "elementos XUL DOM clonados lo cuales son enlazados como padre e hijo", lo cual no es correctamente manejado durante la recolección de basura. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the browsers garbage collection process. When multiple DOM elements are cloned and linked to one another and the browser is reloaded, a memory corruption occurs resulting in a double free. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34417 http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=36 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 88EXPL: 0CVE-2009-0652 – firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
https://notcve.org/view.php?id=CVE-2009-0652
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. La lista negra de Internationalized Domain Names (IDN) en Mozilla Firefox versión 3.0.6 y otras versiones anteriores a 3.0.9; Thunderbird anterior a versión 2.0.0.21; y SeaMonkey anterior a versión 1.1.15, no incluye caracteres box-drawing, lo que permite a los atacantes remotos falsificar URL y conducir ataques de phishing, como es demostrado por homoglifos de / (barra lateral) y caracteres ? (signo de interrogación) en un subdominio de un nombre de dominio .cn, una vulnerabilidad diferente de CVE-2005-0233. • http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34096 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http& •
CVSS: 10.0EPSS: 45%CPEs: 70EXPL: 0CVE-2009-0352 – Firefox layout crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0352
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function. Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x antes de 3.0.6, Thunderbird antes de 2.0.0.21, y SeaMonkey antes de 1.1.15, permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con el diseño del motor y la destrucción arbitraria de objetos de diseño por la función nsViewManager::Composite. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33802 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 48%CPEs: 70EXPL: 0CVE-2009-0353 – Firefox javascript crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0353
Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine. Vulnerabilidad sin especificar en Mozilla Firefox v3.x anterior a v3.0.6, Thunderbird anterior a v2.0.0.21, y SeaMonkey anterior a v1.1.15 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación)o posiblemente ejecutar código de su elección a través de vectores relacionados con el motor JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33802 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2008-5508 – Firefox errors parsing URLs with control characters
https://notcve.org/view.php?id=CVE-2008-5508
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. Mozilla Firefox 3.x en versiones anteriores 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 no analizando propiamente URLs con espacios en blanco destacados o caracteres de control, el cual podría permitir a los atacantes remotos deformar URL y simplificar los ataques de fraude (phishing). • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http:/& • CWE-20: Improper Input Validation •