
CVSS: 4.3 • EPSS: 0% • CPEs: 48 • EXPL: 1

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. • https://www.exploit-db.com/exploits/32466 http://liudieyu0.blog124.fc2.com/blog-entry-6.html http://secunia.com/advisories/32192 http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32714 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 9% • CPEs: 2 • EXPL: 4

The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected. • https://www.exploit-db.com/exploits/6614 http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php http://secunia.com/advisories/32040 http://securityreason.com/securityalert/4321 http://www.secniche.org/moz303.html http://www.secniche.org/moz303/index.html http://www.securityfocus.com/archive/1/496807/100/0/threaded http://www.securityfocus.com/archive/1/496846/100/0/threaded http://www.securityfocus.com/bid/31476 • CWE-399: Resource Management Errors

CVSS: 7.5 • EPSS: 57% • CPEs: 65 • EXPL: 0

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 • EPSS: 50% • CPEs: 2 • EXPL: 0

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1) handling of a long alert messagebox in the cairo_surface_set_device_offset function, (2) integer overflows when handling animated PNG data in the info_callback function in nsPNGDecoder.cpp, and (3) an integer overflow when handling SVG data in the nsSVGFEGaussianBlurElement::SetupPredivide function in nsSVGFilters.cpp. • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31987 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisories/32089 http://secunia.com/advisories/32095 http://secunia.com/advisories/32096 http://secunia.com/advisories/32196 http://secunia.com/advisories/34501 http:// • CWE-399: Resource Management Errors

CVSS: 7.5 • EPSS: 63% • CPEs: 134 • EXPL: 0

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls