CVE-2008-4059 – Mozilla privilege escalation via XPCnativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-4059
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. El componente XPConnect en Firefox de Mozilla antes de 2.0.0.17 permite a atacantes remotos "contaminar XPCNativeWrappers" y ejecutar código de su elección con privilegios chrome mediante vectores relacionados con un elemento SCRIPT. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4064 – Mozilla crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-4064
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. Múltiples vulnerabilidades no especificadas en Firefox de Mozilla 3.x antes de 3.0.2 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar código de su elección mediante vectores relacionados con renderizado de gráficos y (1) manipulado de una caja de mensaje de alerta larga en la función cairo_surface_set_device_offset, (2) desbordamientos de entero cuando se manipulan datos PNG animados en la función info_callback en nsPNGDecoder.cpp, y (3) un desbordamiento de entero cuando se manipulan datos SVG en la función nsSVGFEGaussianBlurElement::SetupPredivide en nsSVGFilters.cpp. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31987 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisories/32089 http://secunia.com/advisories/32095 http://secunia.com/advisories/32096 http://secunia.com/advisories/32196 http://secunia.com/advisories/34501 http:// • CWE-399: Resource Management Errors •
CVE-2008-4060 – Mozilla privilege escalation via XPCnativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-4060
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permite a atacantes remotos crear documentos que no tienen objetos de manejo de scripts y ejecutar código de su elección con privilegios chrome, mediante vectores relacionados con (1) la función document.loadBindingDocument y (2) XSLT. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-4065 – Mozilla BOM characters stripped from JavaScript before execution
https://notcve.org/view.php?id=CVE-2008-4065
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." Firefox de Mozilla antes de 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 permite a atacantes remotos evitar los mecanismos de protección de inyección de secuencias de comandos en sitios cruzados (XSS) y llevar a cabo ataques XSS mediante caracteres de marca de orden de byte (BOM) que son eliminados de código javaScript antes de la ejecución, también conocido como "error de caracteres BOM deshechos" • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2008-4069 – Mozilla XBM decoder information disclosure
https://notcve.org/view.php?id=CVE-2008-4069
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. El decodificador XBM de Firefox de Mozilla antes del 2.0.0.17 y SeaMonkey anterior a 1.1.12 permite a atacantes remotos leer memoria no inicializada y posiblemente obtener información sensible en circunstancias oportunas mediante un archivo de imagen XBM manipulado. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32144 http://secunia.com/advisories/32185 http://secunia.com/advisories/32196 http://secunia.com/advisorie • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •