
CVE-2007-3734
https://notcve.org/view.php?id=CVE-2007-3734
18 Jul 2007 — Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

CVE-2007-3738
https://notcve.org/view.php?id=CVE-2007-3738
18 Jul 2007 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

CVE-2007-3736
https://notcve.org/view.php?id=CVE-2007-3736
18 Jul 2007 — Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

CVE-2007-3735
https://notcve.org/view.php?id=CVE-2007-3735
18 Jul 2007 — Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

CVE-2007-3657
https://notcve.org/view.php?id=CVE-2007-3657
10 Jul 2007 — Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that would lead to a DoS condition." • http://osvdb.org/45812

CVE-2007-3656
https://notcve.org/view.php?id=CVE-2007-3656
10 Jul 2007 — Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2) XMLHttpRequest, or (3) view-source URIs. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2007-3511
https://notcve.org/view.php?id=CVE-2007-3511
03 Jul 2007 — The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html

CVE-2007-3285
https://notcve.org/view.php?id=CVE-2007-3285
20 Jun 2007 — Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested file differently than Windows would. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt • CWE-264: Permissions, Privileges, and Access Controls

CVE-2007-3089
https://notcve.org/view.php?id=CVE-2007-3089
06 Jun 2007 — Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt

CVE-2007-3074
https://notcve.org/view.php?id=CVE-2007-3074
06 Jun 2007 — Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI. • http://ha.ckers.org/blog/20070516/read-firefox-settings-poc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor