CVSS: 9.3EPSS: 13%CPEs: 80EXPL: 0CVE-2008-0420 – Mozilla information disclosure flaw
https://notcve.org/view.php?id=CVE-2008-0420
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. El archivo modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp en Mozilla Firefox versiones anteriores a 2.0.0.12, Thunderbird versiones anteriores a 2.0.0.12, y SeaMonkey versiones anteriores a 1.1.8, no realiza apropiadamente ciertos cálculos relacionados con la tabla mColors, lo que permite a los atacantes remotos leer partes de memoria no inicializadas por medio de un archivo de mapa de bits de 8 bits (BMP) diseñado que desencadena una lectura fuera de límites dentro de la pila, como es demostrado mediante el uso de un elemento CANVAS; o al causar una denegación de servicio (bloqueo de la aplicación) por medio de un archivo de mapa de bits de 8 bits diseñado que desencadena una lectura fuera de límites. NOTA: los reportes públicos iniciales indicaron que esto afectó a Firefox en Ubuntu versiones 6.06 hasta 7.10. • http://browser.netscape.com/releasenotes http://secunia.com/advisories/28758 http://secunia.com/advisories/28839 http://secunia.com/advisories/29049 http://secunia.com/advisories/29098 http://secunia.com/advisories/29167 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620 http://securitytracker.com/id?1019434 http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1 http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml http://www.mandriva. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 96%CPEs: 3EXPL: 0CVE-2007-5339
https://notcve.org/view.php?id=CVE-2007-5339
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. Múltiples vulnerabilidades en el Mozilla Firefox anterior al 2.0.0.8, en el Thunderbird anterior al 2.0.0.8 y en el SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de un HTML modificado que dispara una corrupción de memoria o errores de aserción. • http://bugs.gentoo.org/show_bug.cgi?id=196481 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27313 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27326 http://secunia.com/advisories&#x • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 59%CPEs: 3EXPL: 0CVE-2007-5340
https://notcve.org/view.php?id=CVE-2007-5340
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. Múltiples vulnerabilidades en el motor de Javascript del Mozilla Firefox anterior al 2.0.0.8, del Thunderbird anterior al 2.0.0.8, y del SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de HTML modificado que dispara una corrupción de memoria. • http://bugs.gentoo.org/show_bug.cgi?id=196481 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27313 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27326 http://secunia.com/advisories&#x • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 0CVE-2007-4841
https://notcve.org/view.php?id=CVE-2007-4841
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. Mozilla Firefox versiones anteriores a 2.0.0.8, Thunderbird versiones anteriores a 2.0.0.8 y SeaMonkey versiones anteriores a 1.1.5, permiten a atacantes remotos ejecutar comandos arbitrarios por medio de un URI (1) mailto, (2) nntp, (3) news o (4) snews con codificación "%" no válida, relacionada con el manejo de un tipo de archivo inapropiado en Windows XP con Internet Explorer versión 7 instalado, una variante de CVE-2007-3845. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27360 http://secunia.com/advisories/27414 http://secunia.com/advisories/27744 http://secunia.com/advisories/28363 http://secunia.com/advisories/28398 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-sec • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 95%CPEs: 4EXPL: 1CVE-2007-3845 – Multiple Browsers - URI Handlers Command Injection
https://notcve.org/view.php?id=CVE-2007-3845
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." Mozilla Firefox anterior a 2.0.0.6, Thunderbird anterior a 1.5.0.13 y 2.x anterior a 2.0.0.6, y SeaMonkey anterior a 1.1.4 permite a atacantes remotos ejecutar código de su elección mediante ciertos vectores asociados con el lanzamiento de "un programa de manejo de ficheros basado en la extensión del fichero al final del URI", una variante de CVE-2007-4041. El vendedor afirma que "todavía es posible lanzar un manipulador de tipo de fichero basado en la extensión en lugar de el manipulador de protocolo registrado". • https://www.exploit-db.com/exploits/30381 http://bugzilla.mozilla.org/show_bug.cgi?id=389580 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/26234 http://secunia.com/advisories/26258 http://secunia.com/advisories/26303 http://secunia.com/advisories/26309 http://secunia.com/advisories/26331 http://secunia.com/advisories/26335 http://secunia.com •