Page 386 of 2167 results (0.018 seconds)

CVSS: 9.3EPSS: 96%CPEs: 99EXPL: 2

CVE-2009-1169 – Mozilla Firefox XSL - Parsing Remote Memory Corruption (PoC)

https://notcve.org/view.php?id=CVE-2009-1169

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. La función txMozillaXSLTProcessor::TransformToDoc en Firefox anterior a versión 3.0.8 y SeaMonkey anterior a versión 1.1.16, de Mozilla, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecute código arbitrario por medio de un archivo XML con una transformación XSLT diseñada. • https://www.exploit-db.com/exploits/8285 http://blogs.zdnet.com/security/?p=3013 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34471 http://secunia.com/advisories/34486 http://secunia.com/advisories/34505 http://secunia.com/advisories/34510 http://secunia.com/advisories/34511 http://secunia.com/advisories/34521 http://secunia.com/advisories/34527 • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 0%CPEs: 88EXPL: 0

CVE-2009-0776 – Firefox XML data theft via RDFXMLDataSource and cross-domain redirect

https://notcve.org/view.php?id=CVE-2009-0776

nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. nsIRDFService de Mozilla Firefox anterior a v3.0.7, Thunderbird anterior a v2.0.0.21 y SeaMonkey anterior a v1.1.15; permite a atacantes remotos evitar la política de same-origin -mismo origen- y leer datos XML desde otro dominio a través de una redirección de dominio cruzado. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34387 http://secunia.com/advisories/34417 http://secunia.com/advisories/34462 http://sec • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 9%CPEs: 86EXPL: 3

CVE-2009-0821 – Mozilla Firefox 2.0.x - Nested 'window.print()' Denial of Service

https://notcve.org/view.php?id=CVE-2009-0821

Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. Mozilla Firefox v2.0.0.20 y anteriores, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de llamadas anidadas a la función window.print, como se ha demostrado con window.print(window.print()) en el atributo onclick de un elemento INPUT. • https://www.exploit-db.com/exploits/32836 http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html http://www.securityfocus.com/bid/33969 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 76%CPEs: 88EXPL: 0

CVE-2009-0771 – Firefox 3 Layout Engine Crashes

https://notcve.org/view.php?id=CVE-2009-0771

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. El motor de diseño en Mozilla Firefox anterior a v3.0.7, Thunderbird anterior a v2.0.0.21, y SeaMonkey v1.1.15, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente la ejecución de código de su elección a través de vectores que provocan una corrupción de memoria y un fallo de aserción. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34383 http://secunia.com/advisories/34462 http://secunia.com/advisories/34464 http://secunia.com/advisories/34527 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&am • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 6%CPEs: 88EXPL: 0

CVE-2009-0774 – Firefox 2 and 3 crashes in the JavaScript engine

https://notcve.org/view.php?id=CVE-2009-0774

The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. El motor de diseño en Mozilla Firefox 2 y 3 anterior a v3.0.7, Thunderbird anterior a v2.0.0.21, y SeaMonkey v1.1.15, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente la ejecución de código de su elección a través de vectores relacionados con "gczeal". Vulnerabilidad distinta de CVE-2009-0773. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34387 http://secunia.com/advisories/34417 http://secunia.com/advisories/34462 http://sec • CWE-399: Resource Management Errors •