CVSS: 5.0EPSS: 13%CPEs: 13EXPL: 5CVE-2006-6077
https://notcve.org/view.php?id=CVE-2006-6077
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password. El (1) Password Manager en Mozilla Firefox 2.0, y 1.5.0.8 y anteriores; y el (2) Passcard Manager en Netscape 8.1.2 y posiblemente otras versiones, no verifican correctamente que una ACTION URL en un elemento FORM contiene una contraseña (elemento INPUT) que encaja con el sitio web para lo cual el usuario almacena una contraseña, lo cual permite a un atacante remoto obtener contraseñas a través de la contraseña (elemento INPUT) sobre un página web diferente localizada sobre un sitio web previsto para esta contraseña. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errata/RHSA-2007-0077.html http://secunia.com/advisories/23046 http://secunia.com/adv •
CVSS: 7.5EPSS: 46%CPEs: 30EXPL: 0CVE-2006-5159
https://notcve.org/view.php?id=CVE-2006-5159
Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources" ** IMPUGNADA ** Desbordamiento de búfer basado en pila en Mozilla Firefox permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados implicando JavaScript. NOTA: el vendedor e investigadores originales han liberado un comentario de continuación impugnando la severidad de este asunto, en el cual el investigador afirma que "hemos mencionado que hubo una vulnerabilidad en Firefox previamente conocida que podría provocar un desbordamiento de pila permitiendo ejecución remota de código. • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon http://securityreason.com/securityalert/1678 http://securitytracker.com/id?1016962 http://www.securityfocus.com/archive/1/447493/100/0/threaded http://www.securityfocus.com/archive/1/447497/100/0/threaded http://www.securityfocus.com/bid/20282 http://www.securityfocus.com/bid/20294 http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html https:// •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2006-5160
https://notcve.org/view.php?id=CVE-2006-5160
Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. ** IMPUGNADA ** Múltiples vulnerabilidades en Mozilla Firefox tienen vectores e impacto no especificados, como fue reclamado durante el ToorCon 2006. NOTA: el vendedor e investigadores originales han liberado un comentario de seguimiento impugnando este asunto, en el cual un investigador afirma que "No tengo vulnerabilidades de Firefox no reveladas. La persona que estuvo hablando conmigo hizo esta reclamación, y yo honestamente no tengo ni idea de si él las tiene o no". • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon http://www.securityfocus.com/archive/1/447493/100/0/threaded http://www.securityfocus.com/bid/20294 http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html •
CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 0CVE-2006-4568
https://notcve.org/view.php?id=CVE-2006-4568
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks. Mozilla FireFox anterior a 1.5.0.7 y SeaMonkey anterior a 1.0.5 permite a un atacante remoto evitar el modelo de seguridad e inyectar contenidos dentro de una sub-estructura de otro sitio a través de targetWindow.frames[n].document.open(), el cual facilita la suplantación y otros ataques. • ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://secunia.com/advisories/21906 http://secunia.com/advisories/21915 http://secunia.com/advisories/21940 http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22036 http://secunia.com/advisories/22056 http://secunia.com/advisories/22066 http://secunia.com/advisories/22195 http:/& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 5%CPEs: 1EXPL: 0CVE-2006-4569
https://notcve.org/view.php?id=CVE-2006-4569
The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks. El bloqueador de ventanas emergentes de Mozilla Firefox anterior a 1.5.0.7 abre las "vetanas emergentes bloqueadas" mostrando el contexto de la barra de localización en vez del subframe en el cual el popup se originó, que puede hacer más fácil para que atacantes remotos con la complicidad del usuario conduzcan a ataques de secuencias de comandos en sitios cruzados(XSS). • http://secunia.com/advisories/21949 http://secunia.com/advisories/21950 http://secunia.com/advisories/22001 http://secunia.com/advisories/22025 http://secunia.com/advisories/22056 http://secunia.com/advisories/22066 http://secunia.com/advisories/22195 http://secunia.com/advisories/22210 http://secunia.com/advisories/22422 http://secunia.com/advisories/24711 http://security.gentoo.org/glsa/glsa-200609-19.xml http://securitytracker.com/id?1016849 http://support.avaya.com/ •