Page 247 of 1313 results (0.026 seconds)

CVSS: 5.0EPSS: 8%CPEs: 29EXPL: 0

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades sin especificar en el motor de JavaScript en el Mozilla Firefox anterior al 1.5.0.8, en el Thunderbird anterior al 1.5.0.8 y en el SeaMonkey anterior al 1.0.6 permiten a atacantes remotos provocar una denegación de servicio (caída) y la posibilidad de ejecutar código de su elección a través de vectores sin especificar que disparan una corrupción de memoria. • ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://rhn.redhat.com/errata/RHSA-2006-0733.html http://rhn.redhat.com/errata/RHSA-2006-0734.html http://rhn.redhat.com/errata/RHSA-2006-0735.html http://secunia.com/advisories/22066 http://secunia.com/advisories/22722 http://secunia.com/advisories/22727 http://secunia.com/advisories/22737 http://secunia.com/advisories/22763 http://secunia.com/advisories/22770 http://secunia.com/advisories/22774 http& •

CVSS: 10.0EPSS: 49%CPEs: 2EXPL: 0

Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data. Múltiples vulnerabilidades no especificadas en FireFox anteriores a 1.5.0.7, Thunderbird anteriores 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto provocar denegación de servicio(crash), corrupción de memoria, y posiblemente ejecutar código de su elección a través de vectores no especificados, algunos de los cuales implican JavaScript, y posiblemente imágenes grandes o adición de datos. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22036 http://secunia.com/advisories/22055 http:/& •

CVSS: 2.6EPSS: 5%CPEs: 2EXPL: 0

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message. Mozilla thunderbird anteriores a 1.5.0.7 y SeaMonkey anterior a 1.0.5, con la "carga de imágenes" (Load Images) habilitada, permite a un atacante remoto con la complicidad del usuario evitar la configuración que deshabilita el JavaScript a través de un fichero remoto XBL en un mensaje que se carga cuando el usuario mira y reenvía o responde al mensaje original. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/22036 http://secunia.com/advisories/22055 http://secunia.com/advisories/22056 http://secunia.com/advisories/22074 http://secunia.com/advisories/22088 http://secunia.com/advisories/22247 http://secunia.com/advisories/22274 http:/& •

CVSS: 4.0EPSS: 26%CPEs: 4EXPL: 0

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339. NOTE: on 20061107, Mozilla released an advisory stating that these versions were not completely patched by MFSA2006-60. The newer fixes for 1.5.0.7 are covered by CVE-2006-5462. La librería Mozilla Network Security Service (NSS) anterior a 3.11.3, usada en Mozilla Firefox anterior a 1.5.0.7, Thunderbird anterior a 1.5.0.7, y SeaMonkey anterior a 1.0.5, cuando se usa una llave RSA con exponente 3, no maneja correctamente los datos en una firma, lo que permite a atacantes remotos falsificar firmas para SSL/TLS y certificados de correo electrónico; una vulnerabilidad muy similar a la CVE-2006-4339. NOTA: el 7/11/2006, Mozilla publicó un aviso afirmando que estas versiones no estaban completamente parcheadas por MFSA2006-60. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21903 http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22036 http:/& • CWE-20: Improper Input Validation •

CVSS: 2.6EPSS: 1%CPEs: 2EXPL: 1

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update. Mozilla Firefox anterior a 1.5.0.7 y Thunderbird anteror a 1.5.0.7 hacen que fuera facil que los usuarios aceptaran certificados auto-firmados para el mecanismo de auto-actualización, el cual pudo permitir a atacantes con la complicidad del usuario usando suplantación DNS engañando a los usuarios con la visita a un sitio malicioso y aceptando un certificado malicioso para la actualización de Mozilla, el cual puede ser usado para instalar codido de elección del atacante en la siguiente actualización. • http://secunia.com/advisories/21906 http://secunia.com/advisories/21916 http://secunia.com/advisories/21939 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22055 http://secunia.com/advisories/22056 http://secunia.com/advisories/22066 http://secunia.com/advisories/22074 http://secunia.com/advisories/22088 http://secunia.com/advisories/22195 http:/& •