NotCVE - vendor:"Mozilla" product:"Firefox" version:" <= 1.0.3"

Page 388 of 2167 results (0.011 seconds)

CVSS: 5.4EPSS: 0%CPEs: 92EXPL: 0

CVE-2009-0355 – Firefox local file stealing with SessionStore

https://notcve.org/view.php?id=CVE-2009-0355

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. components/sessionstore/src/nsSessionStore.js en Mozilla Firefox anterior a v3.0.6 no bloquea los cambios de los elementos INPUT al tyoe="file" durante la restauración de pestañas, lo que permite a atacantes asistidos por el usuario leer archivos de su elección en un ordenador cliente mediante elementos INPUT manipulados. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 http://secunia.com/advisories/33869 http://secunia.com/advisories/34324 http://secunia.com/advisories/3 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 98EXPL: 0

CVE-2009-0357 – Firefox XMLHttpRequest allows reading HTTPOnly cookies

https://notcve.org/view.php?id=CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. Mozilla Firefox anterior a v3.06 y SeaMonkey anterior a v1.1.15 no restringe adecuadamente el acceso desde las páginas web a las cabeceras de respuesta HTTP (1) Set-Cookie y (2) Set-Cookie2, lo que permite a atacantes remotos obtener información sensible de las cookies a través de llamadas XMLHttpRequest, relacionado con el mecanismo de protección HTTPOnly. • http://ha.ckers.org/blog/20070511/bluehat-errata http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 http://secunia.com/advisories/33869 http://secunia. • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.1EPSS: 18%CPEs: 93EXPL: 0

CVE-2009-0356 – Firefox Chrome privilege escalation via local .desktop files

https://notcve.org/view.php?id=CVE-2009-0356

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. Mozilla Firefox en versiones anteriores a v3.0.6 y SeaMonkey no bloquean enlaces a las URIs (1) about:plugins y (2) about:config desde ficheros .desktop, lo que permite a atacantes remotos eludir la Same Origin Policy y ejecutar código de su elección con privilegios chrome mediante vectores relacionados con el campo URL en una sección Desktop Entry de un fichero .desktop, en relación con una representación de: URIs como jar:file:// URIs. NOTA: este problema existe debido a una resolución incompleta de CVE-2008-4582. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33809 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm http://www.mandriva.com/security/advisories?name=MDVSA-2009:044 http://www.mozilla.org/security/announce/2009/mfsa2009- • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2008-5505 – Firefox 3 User tracking via XUL persist attribute

https://notcve.org/view.php?id=CVE-2008-5505

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies. Mozilla Firefox 3.x antes de v3.0.5 permite a atacantes remotos evitar las restricciones de privacidad previstas utilizando el atributo persist en un elemento XUL para crear y acceder las entidades de datos que son parecidas a las cookies. • http://secunia.com/advisories/33188 http://secunia.com/advisories/33203 http://secunia.com/advisories/33216 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 http://www.mozilla.org/security/announce/2008/mfsa2008-63.html http://www.redhat.com/support/errata/RHSA-2008-1036.html http://www.securityfocus.com/bid/32882 http://www.securitytracker.com/id?1021428 http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 1%CPEs: 19EXPL: 0

CVE-2008-5504 – Firefox 2 XSS attack vectors in feed preview

https://notcve.org/view.php?id=CVE-2008-5504

Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. Mozilla Firefox 2.x versiones anteriores a v2.0.0.19 permite a atacantes remotos ejecutar JavaScript de su elección con privilegios chrome a través de vectores relacionados con la vista previa de las semillas, una vulnerabilidad diferente a CVE-2008-3836. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33189 http://secunia.com/advisories/33231 http://secunia.com/advisories/33523 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.debian.org/security/2009/dsa-1707 http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 http://www.mozilla.org/security/announce/2008/mfsa2008-62.html http://www.redhat.com/support/errata/RHSA-2008-1037.html h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •

1...386 387 388 389 390