Page 389 of 2282 results (0.016 seconds)

CVSS: 5.0EPSS: 4%CPEs: 5EXPL: 0

CVE-2008-5502 – JavaScript engine crash - Firefox 3 only

https://notcve.org/view.php?id=CVE-2008-5502

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions. El motor de diseño en Mozilla Firefox 3.x antes de v3.0.5, Thunderbird 2.x antes de v2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores que disparan una corrupción de memoria, relacionada con las funciones GetXMLEntity y FastAppendChar. • http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33216 http://secunia.com/advisories/33421 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 http://www.mozilla.org/security/announce/2008/mfsa2008-60.html http://www.redhat.com/support/errata/RHSA-2008-1036.html http://ww • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

CVE-2008-5505 – Firefox 3 User tracking via XUL persist attribute

https://notcve.org/view.php?id=CVE-2008-5505

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies. Mozilla Firefox 3.x antes de v3.0.5 permite a atacantes remotos evitar las restricciones de privacidad previstas utilizando el atributo persist en un elemento XUL para crear y acceder las entidades de datos que son parecidas a las cookies. • http://secunia.com/advisories/33188 http://secunia.com/advisories/33203 http://secunia.com/advisories/33216 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 http://www.mozilla.org/security/announce/2008/mfsa2008-63.html http://www.redhat.com/support/errata/RHSA-2008-1036.html http://www.securityfocus.com/bid/32882 http://www.securitytracker.com/id?1021428 http • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 5%CPEs: 5EXPL: 0

CVE-2008-5501 – Layout engine crash - Firefox 3 only

https://notcve.org/view.php?id=CVE-2008-5501

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. El motor de diseño en Mozilla Firefox 3.x en versiones anteriores 3.0.5, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 que permite a los atacantes remotos causar una denegación de servicios a través de vectores que lanzar un fallo de evaluación. • http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33216 http://secunia.com/advisories/33421 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.mandriva.com/security/advisories?name=MDVSA-2008:245 http://www.mozilla.org/security/announce/2008/mfsa2008-60.html http://www.redhat.com/support/errata/RHSA-2008-1036.html http://ww •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-5506 – Firefox XMLHttpRequest 302 response disclosure

https://notcve.org/view.php?id=CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Thunderbird 2.x versiones anteriores a v2.0.0.19, y SeaMonkey 1.x versiones anteriores a v1.1.14 permite a atacantes remotos evitar la misma política de origen provocando que el navegador cause una XMLHttpRequest de un recurso controlado por el atacante que utiliza una redirección 302 a la fuente en un dominio distinto, a continuación leyendo el contenido de la respuesta, también conocido como "revelación de respuesta". • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-5512 – Firefox JavaScript privilege escalation

https://notcve.org/view.php?id=CVE-2008-5512

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores anteriores a 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 permite a los atacantes remotos ejecutar arbitrariamente JavaScript con privilegios chrome a través de vectores desconocido en la cual "el contenido de la página puede contaminar XPCNativeWrappers." • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http:/& • CWE-264: Permissions, Privileges, and Access Controls •