
CVSS: 9.3 • EPSS: 1% • CPEs: 52 • EXPL: 0

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.

References:
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://secunia.com/advisories/38977
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-62.html
http://www.redhat.com/support/errata/RHSA-2010-0153.html
http://www.redhat.com/support/errata/RHSA-2010-0154.html
http://www.ubuntu.com/usn/USN-915-1
http://www.vupen.co

CWE-16: Configuration

CVSS: 4.3 • EPSS: 0% • CPEs: 21 • EXPL: 0

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-61.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=503226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10440
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5935
https://access…

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 • EPSS: 1% • CPEs: 17 • EXPL: 0

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-57.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=505988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6565
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9789
https://access…

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 9.3 • EPSS: 8% • CPEs: 52 • EXPL: 0

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

References:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mandriva.com/security/advisories?name=MDVSA-2009:294
http://www.mozilla.org/security/announce/2009/mfsa2009-55.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=500644
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10977
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6347
https://access…

CVSS: 10.0 • EPSS: 89% • CPEs: 14 • EXPL: 1

layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

References:
https://www.exploit-db.com/exploits/33314
http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1
http://www.mozilla.org/security/announce/2009/mfsa2009-64.html
http://www.vupen.com/english/advisories/2009/3334
https://bugzilla.mozilla.org/show_bug.cgi?id=514960
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11219
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5581
https://access.redhat.com/security…