CVSS: 10.0EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5500 – Layout engine crashes - Firefox 2 and 3
https://notcve.org/view.php?id=CVE-2008-5500
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. El motor de diseño de Mozilla Firefox 3.x anterior a 3.0.5 y 2.x anterior a 2.0.0.19, Thunderbird 2.x anterior a 2.0.0.19 y SeaMonkey 1.x anterior a 1.1.14, permite a atacantes remotos provocar una denegación de servicio (caída) y probablemente provocar una corrupción de memoria a través de vectores relacionados con (1) un fallo de aserción o (2) un desbordamiento de entero. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1CVE-2008-5104
https://notcve.org/view.php?id=CVE-2008-5104
Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual machine by (1) python-vm-builder or (2) ubuntu-vm-builder in VMBuilder 0.9 in Ubuntu 8.10, have ! (exclamation point) as the default root password, which allows attackers to bypass intended login restrictions. Ubuntu 6.06 LTS, 7.10, 8.04 LTS y 8.10, cuando está instalado como una máquina virtual por (1) python-vm-builder o (2) ubuntu-vm-builder en VMBuilder 0.9 en Ubuntu 8.10, tiene un ! (signo de exclamación) como la contraseña por defecto de root, lo que permite a atacantes remotos evitar las restricciones de login previstas. • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff http://secunia.com/advisories/32697 http://www.securityfocus.com/bid/32292 http://www.ubuntu.com/usn/usn-670-1 https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 https://exchange.xforce.ibmcloud.com/vulnerabilities/46881 • CWE-255: Credentials Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 1CVE-2008-5103
https://notcve.org/view.php?id=CVE-2008-5103
The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in VMBuilder 0.9 in Ubuntu 8.10 omit the -e option when invoking chpasswd with a root:! argument, which configures the root account with a cleartext password of ! (exclamation point) and allows attackers to bypass intended login restrictions. Las implementaciones (1) python-vm-builder y (2) ubuntu-vm-builder en VMBuilder v0.9 en Ubuntu v8.10 omiten la opción -e cuando invocan chpasswd con un argumento root:!, lo cual configura la cuenta raíz con una contraseña en texto claro de ! • http://launchpadlibrarian.net/19619929/vm-builder_0.9-0ubuntu3.1.debdiff http://osvdb.org/49996 http://secunia.com/advisories/32697 http://www.securityfocus.com/bid/32292 http://www.ubuntu.com/usn/usn-670-1 https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/296841 https://exchange.xforce.ibmcloud.com/vulnerabilities/46603 • CWE-255: Credentials Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-5019 – Mozilla XSS via session restore
https://notcve.org/view.php?id=CVE-2008-5019
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. La característica de restauración de sesión en Mozilla Firefox 3.x antes de 3.0.4 y 2.x antes de 2.0.0.18 permite a atacantes remotos violar la política de mismo origen para llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) y ejecutar Javascript de su elección con privilegios chrome mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://ubuntu.com/usn/usn-667-1 http://www&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2008-5023 – Mozilla -moz-binding property bypasses security checks on codebase principals
https://notcve.org/view.php?id=CVE-2008-5023
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. Firefox 3.x antes de v3.0.4, Firefox 2.x antes de v2.0.0.18 y SeaMonkey 1.x antes de v1.1.13 permite a atacantes remotos evitar los mecanismos de protección para "codebase principals" y ejecutar secuencias de comandos de su elección mediante la propiedad -moz-binding CSS en un archivo signed JAR. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/34501 http:// • CWE-20: Improper Input Validation •