CVSS: 7.5EPSS: 2%CPEs: 132EXPL: 0CVE-2008-3835 – mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation
https://notcve.org/view.php?id=CVE-2008-3835
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. La función nsXMLDocument::OnChannelRedirect en Firefox de Mozilla antes de 2.0.0.17, Thunderbird antes de 2.0.0.17 y SeaMonkey antes de 1.1.12 permite a atacantes remotos evitar "Same Origin Policy (Política de Mismo Origen)" y ejecutar código javaScript de su elección mediante desconocidos. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 51EXPL: 0CVE-2008-3836
https://notcve.org/view.php?id=CVE-2008-3836
feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions. feedWriter en Firefox de Mozilla antes de 2.0.0.17 permite a atacantes remotos ejecutar secuencias de comandos con privilegios chrome mediante vectores relacionados con la previsualización feed y las funciones (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage y (5) _initSubscriptionUI. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/32012 http://secunia.com/advisories/32042 http://secunia.com/advisories/32144 http://secunia.com/advisories/32185 http://secunia.com/advisories/32196 http://secunia.com/advisories/32845 http://secunia.com/advisories/33433 http://secunia.com/advisories/34501 http://slackware.com/securit • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2008-3837 – mozilla: Forced mouse drag
https://notcve.org/view.php?id=CVE-2008-3837
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2 y SeaMonkey antes de 1.1.12, permiten a atacantes remotos ayudados por el usuario mover una ventana durante un click de ratón y posiblemente forzar una descarga de archivos u otras acciones "arrastrar y soltar", mediante una acción onmousedown manipulada que llama a window.moveBy, una variante de CVE-2003-0823. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/31987 http://secunia.com/advisories/32010 http://secunia.com/advisories/32011 http://secunia.com/advisories/32012 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32089 http://secunia.com/advisorie •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-3444
https://notcve.org/view.php?id=CVE-2008-3444
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." El componente de diseño de contenido de Mozilla Firefox 3.0 y 3.0.1, permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de una página web manipulada pero bien formada que contiene "un conjunto de etiquetas HTML válidas" • http://blog.mozilla.com/security/2008/07/30/low-risk-denial-of-service-in-firefox http://www.radware.com/newsevents/pressrelease.aspx?id=6459 http://www.securityfocus.com/bid/30486 https://bugzilla.mozilla.org/show_bug.cgi?id=448564 https://exchange.xforce.ibmcloud.com/vulnerabilities/44169 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 7%CPEs: 3EXPL: 1CVE-2008-2934
https://notcve.org/view.php?id=CVE-2008-2934
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer. Mozilla Firefox 3 anterior a la versión 3.0.1 sobre Mac OS X permite a atacante remotos causar una denegación de servicio (Con caida de la aplicación) o posiblemente ejecutar codigo arbitrario mediante un fichero GIF manipulado que ocasiona la liberacion de un puntero no inicializado. • http://secunia.com/advisories/31132 http://secunia.com/advisories/31270 http://secunia.com/advisories/34501 http://securitytracker.com/id?1020516 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://www.mozilla.org/security/announce/2008/mfsa2008-36.html http://www.securityfocus.com/bid/30266 http://www.ubuntu.com/usn/usn-626-1 http://www.vupen.com/english/advisories/2008/2125 http://www.vupen.com/english/advisories/2009/0977 https://bugzilla.mo • CWE-908: Use of Uninitialized Resource •