Page 237 of 1313 results (0.027 seconds)

CVSS: 7.5EPSS: 2%CPEs: 36EXPL: 0

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. Mozilla Firefox anterior a v2.0.0.15 y SeaMonkey anterior a v1.1.10 sobre Mac OS X, permite a atacantes remotos evitar la misma política de origen y crear conexiones con socket de su elección a través de un applet Java manipulado, relacionado con el Java Embedding Plugin (JEP) y Java LiveConnect. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://secunia.com/advisories/30898 http://secunia.com/advisories/30911 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/31023 http://secunia.com/advisories/31076 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.383152 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&am • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 49%CPEs: 37EXPL: 0

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." Mozilla Firefox y versiones anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey y anteriores a 1.1.10 permiten a los atacantes remotos ejecutar código arbitrario a través de un documento XUL que incluye una secuencia de comandos desde un chrome: URI que apunta a un archivo de carga rápida, relacionado con el nivel de permisos de este fichero. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 22%CPEs: 37EXPL: 0

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. La función mozIJSSubScriptLoader.LoadScript en Mozilla Firefox anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a 1.1.10no aplican XPCNativeWrappers a las secuencias de comandos cargadas desde (1) file: URIs, (2) data: URIs, o (3) certain non-canonical chrome: URIs, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores que implican accesorios de terceros. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 no escapan correctamente el HTML en listados de directorios file:// URLs, lo que permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) o tener otros impactos no especificados mediante un nombre de archivo modificado. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/31023 http://secunia.com/advisories/3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 66%CPEs: 37EXPL: 0

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en versiones de Mozilla Firefox anteriores a la 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a la 1.1.10, que permiten a los atacantes remotos causar una denegación de servicios (caída de la aplicación) y posiblemente ejecutar arbitrariamente código a través de vectores desconocidos relativos a JavaScript Engine • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-399: Resource Management Errors •