CVSS: 10.0EPSS: 17%CPEs: 88EXPL: 0CVE-2009-0775 – Mozilla Firefox XUL Linked Clones Double Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-0775
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. Vulnerabilidad de doble liberación en Mozilla Firefox anteriores a v3.0.7, Thunderbird anteriores a v2.0.0.21, y SeaMonkey anteriores a v1.1.15 permite a atacantes remotos ejecutar código a su elección a través de "elementos XUL DOM clonados lo cuales son enlazados como padre e hijo", lo cual no es correctamente manejado durante la recolección de basura. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the browsers garbage collection process. When multiple DOM elements are cloned and linked to one another and the browser is reloaded, a memory corruption occurs resulting in a double free. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34324 http://secunia.com/advisories/34383 http://secunia.com/advisories/34417 http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=36 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 88EXPL: 0CVE-2009-0652 – firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
https://notcve.org/view.php?id=CVE-2009-0652
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. La lista negra de Internationalized Domain Names (IDN) en Mozilla Firefox versión 3.0.6 y otras versiones anteriores a 3.0.9; Thunderbird anterior a versión 2.0.0.21; y SeaMonkey anterior a versión 1.1.15, no incluye caracteres box-drawing, lo que permite a los atacantes remotos falsificar URL y conducir ataques de phishing, como es demostrado por homoglifos de / (barra lateral) y caracteres ? (signo de interrogación) en un subdominio de un nombre de dominio .cn, una vulnerabilidad diferente de CVE-2005-0233. • http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34096 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http& •
CVSS: 5.4EPSS: 0%CPEs: 92EXPL: 0CVE-2009-0355 – Firefox local file stealing with SessionStore
https://notcve.org/view.php?id=CVE-2009-0355
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. components/sessionstore/src/nsSessionStore.js en Mozilla Firefox anterior a v3.0.6 no bloquea los cambios de los elementos INPUT al tyoe="file" durante la restauración de pestañas, lo que permite a atacantes asistidos por el usuario leer archivos de su elección en un ordenador cliente mediante elementos INPUT manipulados. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 http://secunia.com/advisories/33869 http://secunia.com/advisories/34324 http://secunia.com/advisories/3 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 98EXPL: 0CVE-2009-0357 – Firefox XMLHttpRequest allows reading HTTPOnly cookies
https://notcve.org/view.php?id=CVE-2009-0357
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. Mozilla Firefox anterior a v3.06 y SeaMonkey anterior a v1.1.15 no restringe adecuadamente el acceso desde las páginas web a las cabeceras de respuesta HTTP (1) Set-Cookie y (2) Set-Cookie2, lo que permite a atacantes remotos obtener información sensible de las cookies a través de llamadas XMLHttpRequest, relacionado con el mecanismo de protección HTTPOnly. • http://ha.ckers.org/blog/20070511/bluehat-errata http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33808 http://secunia.com/advisories/33809 http://secunia.com/advisories/33816 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 http://secunia.com/advisories/33869 http://secunia. • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.1EPSS: 18%CPEs: 93EXPL: 0CVE-2009-0356 – Firefox Chrome privilege escalation via local .desktop files
https://notcve.org/view.php?id=CVE-2009-0356
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. Mozilla Firefox en versiones anteriores a v3.0.6 y SeaMonkey no bloquean enlaces a las URIs (1) about:plugins y (2) about:config desde ficheros .desktop, lo que permite a atacantes remotos eludir la Same Origin Policy y ejecutar código de su elección con privilegios chrome mediante vectores relacionados con el campo URL en una sección Desktop Entry de un fichero .desktop, en relación con una representación de: URIs como jar:file:// URIs. NOTA: este problema existe debido a una resolución incompleta de CVE-2008-4582. • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html http://rhn.redhat.com/errata/RHSA-2009-0256.html http://secunia.com/advisories/33799 http://secunia.com/advisories/33809 http://secunia.com/advisories/33831 http://secunia.com/advisories/33841 http://secunia.com/advisories/33846 http://support.avaya.com/elmodocs2/security/ASA-2009-040.htm http://www.mandriva.com/security/advisories?name=MDVSA-2009:044 http://www.mozilla.org/security/announce/2009/mfsa2009- • CWE-59: Improper Link Resolution Before File Access ('Link Following') •