CVSS: 7.5EPSS: 2%CPEs: 132EXPL: 0CVE-2008-3835 – mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation
https://notcve.org/view.php?id=CVE-2008-3835
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. La función nsXMLDocument::OnChannelRedirect en Firefox de Mozilla antes de 2.0.0.17, Thunderbird antes de 2.0.0.17 y SeaMonkey antes de 1.1.12 permite a atacantes remotos evitar "Same Origin Policy (Política de Mismo Origen)" y ejecutar código javaScript de su elección mediante desconocidos. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 8%CPEs: 9EXPL: 0CVE-2008-4058 – Mozilla privilege escalation via XPCnativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-4058
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. El componente XPConnect en Mozilla Firefox antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17 y SeaMonkey before 1.1.12 permite a atacantes remotos "contaminar XPCNativeWrappers" y ejecutar código de su elección con privilegios chrome mediante vectores relacionados con (1) chrome XBL y (2) chrome JS. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 63%CPEs: 134EXPL: 0CVE-2008-4060 – Mozilla privilege escalation via XPCnativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-4060
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permite a atacantes remotos crear documentos que no tienen objetos de manejo de scripts y ejecutar código de su elección con privilegios chrome, mediante vectores relacionados con (1) la función document.loadBindingDocument y (2) XSLT. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 45%CPEs: 9EXPL: 0CVE-2008-4061 – Mozilla layout engine crash
https://notcve.org/view.php?id=CVE-2008-4061
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. Desbordamiento de entero en el componente MathML de Mozilla Firefox antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección mediante un elemento mtd con un valor entero grande en el atributo rowspan, relacionados con el motor de diseño. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 2%CPEs: 9EXPL: 0CVE-2008-4062 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-4062
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp. Múltiples vulnerabilidades sin especificar en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con el motor javaScript y (1) una mala interpretación de las características de Namespace y QName en jsxml.c, (2) un mal uso de enteros con signo en la función nsEscapeCount de nsEscape.cpp, y (3) la interacción de una colección de basura JavaScript con un cierto uso de NPObject en la función nsNPObjWrapper::GetNewOrUsed de nsJSNPRuntime.cpp. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-399: Resource Management Errors •