Page 390 of 2282 results (0.022 seconds)

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-5513 – Firefox XSS vulnerabilities in SessionStore

https://notcve.org/view.php?id=CVE-2008-5513

Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. Vulnerabilidad no especificada en la característica session-restore en Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19 permite a atacantes remotos evitar la misma política de origen, inyectar contenido dentro de documentos asociados con otros dominios, y llevar a cabo un ataque de secuencias de comandos en sitios cruzados (XSS) a través de vectores desconocidos relacionados con la restauración de datos SessionStore. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33421 http://secunia.com/advisories/33523 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.debian.org/security/2009/dsa-1707 http://www.mandriva.com/security/advisor • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-5510 – Firefox null characters ignored by CSS parser

https://notcve.org/view.php?id=CVE-2008-5510

The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. El analizador CSS en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 ignora el carácter de escape nulo '\0', el cual debería permitir a un atacante remoto evitar los mecanismos de protección como las rutinas de limpieza. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33408 http://secunia.com/advisories/33523 http://secunia.com/advisories/34501 http://secunia.com/advisories/35080 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://sunso •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-5508 – Firefox errors parsing URLs with control characters

https://notcve.org/view.php?id=CVE-2008-5508

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. Mozilla Firefox 3.x en versiones anteriores 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 no analizando propiamente URLs con espacios en blanco destacados o caracteres de control, el cual podría permitir a los atacantes remotos deformar URL y simplificar los ataques de fraude (phishing). • http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories/33421 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http:/& • CWE-20: Improper Input Validation •

CVSS: 6.0EPSS: 0%CPEs: 10EXPL: 0

CVE-2008-5507 – Firefox Cross-domain data theft via script redirect error message

https://notcve.org/view.php?id=CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Thunderbird 2.x versiones anteriores a v2.0.0.19 y SeaMonkey 1.x versiones anteriores a v1.1.14 permite a atacantes remotos evitar la política origen y acceder a partes de datos de otro dominio a través de URL javascript que redirige a la fuente objetivo, el cual genera un error si los datos objetivo no tienen sintaxis Javascript, a los que se puede acceder utilizando la API window.onerror DOM. • http://scary.beasts.org/security/CESA-2008-011.html http://secunia.com/advisories/33184 http://secunia.com/advisories/33188 http://secunia.com/advisories/33189 http://secunia.com/advisories/33203 http://secunia.com/advisories/33204 http://secunia.com/advisories/33205 http://secunia.com/advisories/33216 http://secunia.com/advisories/33231 http://secunia.com/advisories/33232 http://secunia.com/advisories/33408 http://secunia.com/advisories/33415 http://secunia.com/advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 1%CPEs: 19EXPL: 0

CVE-2008-5504 – Firefox 2 XSS attack vectors in feed preview

https://notcve.org/view.php?id=CVE-2008-5504

Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. Mozilla Firefox 2.x versiones anteriores a v2.0.0.19 permite a atacantes remotos ejecutar JavaScript de su elección con privilegios chrome a través de vectores relacionados con la vista previa de las semillas, una vulnerabilidad diferente a CVE-2008-3836. • http://secunia.com/advisories/33184 http://secunia.com/advisories/33189 http://secunia.com/advisories/33231 http://secunia.com/advisories/33523 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.debian.org/security/2009/dsa-1707 http://www.mandriva.com/security/advisories?name=MDVSA-2008:244 http://www.mozilla.org/security/announce/2008/mfsa2008-62.html http://www.redhat.com/support/errata/RHSA-2008-1037.html h • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-264: Permissions, Privileges, and Access Controls •