CVSS: 2.6EPSS: 1%CPEs: 63EXPL: 0CVE-2008-2933 – Firefox command line URL launches multi-tabs
https://notcve.org/view.php?id=CVE-2008-2933
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. Mozilla Firefox en versiones anteriores a 2.0.0.16 y 3.x anteriores a 3.0.1, interpreta el caráter (|) tubería en una línea de comando URI como una petición para abrir múltiples pestañas, lo que permite a los atacantes remotos acceso chrome: i URIs o lectura arbitraria de archivos locales a través de manipulación en una serie de URIs que no son completamente controlados por un vector de la aplicación, como un exploit junto con CVE-2008-2540. NOTA: esto existe por un reparación insuficiente de CVE-2005-2267 • http://secunia.com/advisories/31106 http://secunia.com/advisories/31120 http://secunia.com/advisories/31121 http://secunia.com/advisories/31129 http://secunia.com/advisories/31145 http://secunia.com/advisories/31157 http://secunia.com/advisories/31176 http://secunia.com/advisories/31183 http://secunia.com/advisories/31261 http://secunia.com/advisories/31270 http://secunia.com/advisories/31306 http://secunia.com/advisories/31377 http://secunia.com/advisories/33433 http:/& • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 55%CPEs: 24EXPL: 0CVE-2008-2801 – Firefox arbitrary signed JAR code execution
https://notcve.org/view.php?id=CVE-2008-2801
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10, no implementan de forma correcta las firmas JAR, esto permite a atacantes remotos ejecutar código de su elección mediante (1) la inyección de JavaScript en documentos con un archivo JAR o (2) un archivo JAR que utilizan URLs relativas para los ficheros JavaSrcipt. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/31023 http://secunia.com/advisories/3 • CWE-287: Improper Authentication •
CVSS: 10.0EPSS: 66%CPEs: 37EXPL: 0CVE-2008-2799 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2799
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en versiones de Mozilla Firefox anteriores a la 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a la 1.1.10, que permiten a los atacantes remotos causar una denegación de servicios (caída de la aplicación) y posiblemente ejecutar arbitrariamente código a través de vectores desconocidos relativos a JavaScript Engine • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 43%CPEs: 37EXPL: 0CVE-2008-2811 – Firefox block reflow flaw
https://notcve.org/view.php?id=CVE-2008-2811
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. La implemetación del bloque "reflow" en Mozilla Firefox anterior a v2.0.0.15, Thunderbird 2.0.0.14 y anteriores y SeaMonkey anterior a v1.1.10, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de una imagen cuyo tamaño muestra más píxels que los indicados en nscoord_MAX, relacionado con nsBlockFrame::DrainOverflowLines. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30915 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/3 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 1%CPEs: 24EXPL: 0CVE-2008-2810 – Firefox arbitrary file disclosure
https://notcve.org/view.php?id=CVE-2008-2810
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10, no identifican correctamente el contexto de los ficheros de acceso de directo de Windows, esto permite a atacantes remotos con la ayuda del usuario evitar el Same Origin Policy mediante un sitio Web manipulado en el que el usuario haya guardado previamente un acceso directo. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html http://rhn.redhat.com/errata/RHSA-2008-0616.html http://secunia.com/advisories/30878 http://secunia.com/advisories/30898 http://secunia.com/advisories/30903 http://secunia.com/advisories/30911 http://secunia.com/advisories/30949 http://secunia.com/advisories/31005 http://secunia.com/advisories/31008 http://secunia.com/advisories/31021 http://secunia.com/advisories/31023 http://secunia.com/advisories/3 • CWE-264: Permissions, Privileges, and Access Controls •