CVSS: 7.5EPSS: 9%CPEs: 4EXPL: 2CVE-2007-3072
https://notcve.org/view.php?id=CVE-2007-3072
06 Jun 2007 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI. Vulnerabilidad de escalado de directorio en el ozilla Firefox anterior a la 2.0.0.4 bajo Windows permite a atacantes remotos leer ficheros de su elección mediante secuencias ..%5C (punto punto codificación barra inversa) en un URI resource://. • http://ha.ckers.org/blog/20070516/read-firefox-settings-poc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 5%CPEs: 43EXPL: 0CVE-2007-3073
https://notcve.org/view.php?id=CVE-2007-3073
06 Jun 2007 — Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. Vulnerabilidad de salto de directorio en Mozilla Firefox 2.0.0.4 y anteriores en Mac OS X y Unix permite a atacantes remotos leer archivos de su elección mediante secuencias ..%2F (punto punto, barra codificada) en un URI resource://. • http://ha.ckers.org/blog/20070516/read-firefox-settings-poc •
CVSS: 7.5EPSS: 12%CPEs: 16EXPL: 0CVE-2007-2869 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2869
01 Jun 2007 — The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. La característica de automcompletado de formularios en el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y, posiblemente, versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (agotamien... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 •
CVSS: 7.5EPSS: 25%CPEs: 25EXPL: 1CVE-2007-1362 – Mozilla Firefox 2.0.0.2 - Document.Cookie Path Argument Denial of Service
https://notcve.org/view.php?id=CVE-2007-1362
01 Jun 2007 — Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos provocar... • https://www.exploit-db.com/exploits/29720 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 45%CPEs: 18EXPL: 0CVE-2007-2871 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2871
01 Jun 2007 — Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos simular o esconder el "browser chrome", como el de la barra de ubicació... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 •
CVSS: 9.8EPSS: 95%CPEs: 33EXPL: 0CVE-2007-2868
https://notcve.org/view.php?id=CVE-2007-2868
01 Jun 2007 — Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. Múltiples vulnerabilidades en el motor de JavaScript para el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, el Thunderbird 1.5.x anterior al 1... • http://fedoranews.org/cms/node/2747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 97%CPEs: 45EXPL: 0CVE-2007-2867 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2867
01 Jun 2007 — Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. Múltiples vulnerabilidades en el motor de capas del Mozilla Firefox 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, Thunderbird 1.5.x anterior al 1.5.0.... • http://fedoranews.org/cms/node/2747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 55%CPEs: 18EXPL: 0CVE-2007-2870
https://notcve.org/view.php?id=CVE-2007-2870
01 Jun 2007 — Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos evitar la política del "mismo-origen" (same-origin... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 •
CVSS: 7.1EPSS: 3%CPEs: 1EXPL: 3CVE-2007-2671 – Mozilla Firefox 2.0.0.3 - Href Denial of Service
https://notcve.org/view.php?id=CVE-2007-2671
14 May 2007 — Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. Mozilla Firefox 2.0.0.3 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de un nombre de host largo en un atributo HREF en un elemento A, lo cual dispara un acceso a memoria fuera del rango. • https://www.exploit-db.com/exploits/29940 •
CVSS: 9.1EPSS: 1%CPEs: 3EXPL: 0CVE-2007-2292
https://notcve.org/view.php?id=CVE-2007-2292
26 Apr 2007 — CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. Una vulnerabilidad de inyección CRLF en el soporte Digest Authentication para Mozilla Firefox anterior a la versión 2.0.0.8 y SeaMonkey anterior a la versión 1.1.5 permite a los atacantes remotos realizar ataques de división de peticiones HTTP por medio de LF (% 0a) bytes... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-20: Improper Input Validation •