CVSS: 4.3EPSS: 8%CPEs: 3EXPL: 0CVE-2007-2292
https://notcve.org/view.php?id=CVE-2007-2292
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. Una vulnerabilidad de inyección CRLF en el soporte Digest Authentication para Mozilla Firefox anterior a la versión 2.0.0.8 y SeaMonkey anterior a la versión 1.1.5 permite a los atacantes remotos realizar ataques de división de peticiones HTTP por medio de LF (% 0a) bytes en el atributo de nombre de usuario. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27327 http://secunia.com/advisories/27335 http://secunia.com/advisories/27336 http://secunia.com/advisories/27356 http://secunia.com/advisories/27360 http://secunia.com/advisories/27383 http:/ • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2162
https://notcve.org/view.php?id=CVE-2007-2162
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. (1) Mozilla Firefox 2.0.0.3 y (2) GNU IceWeasel 2.0.0.3 permite a atacantes remotos provocar denegación de servicio (caida del navegador o cuelgue de aplicación) a través de JavaScript que valida una expresión regular con una cadena larga, como se demostró utilizando /(.)*/. • http://www.securityfocus.com/archive/1/466017/100/0/threaded http://www.securityfocus.com/archive/1/466147/100/0/threaded http://www.securityfocus.com/archive/1/466220/100/0/threaded •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1762
https://notcve.org/view.php?id=CVE-2007-1762
Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. Mozilla Firefox 2.0.0.1 hasta 2.0.0.3 no normaliza las URLs antes de validarlas contra la lista negra de phishing, lo cual permite a atacantes remotos evitar la protección phishing a través de múltiples caracteres / (slash) en la URL. • http://osvdb.org/34535 http://www.securityfocus.com/archive/1/464149/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33486 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1736
https://notcve.org/view.php?id=CVE-2007-1736
Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Mozilla Firefox 2.0.0.3 no comprueba las URL's embebidas en (1) objeto ó (2) Etiquetas HTML "iframe" contra la lista negra de sitios phising, lo cual permite a atacantes remotos evitar la protección phishing. • http://securityreason.com/securityalert/2488 http://www.securityfocus.com/archive/1/464041/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33487 •
CVSS: 6.8EPSS: 4%CPEs: 5EXPL: 1CVE-2007-1562 – Mozilla FireFox 1.5.x/2.0 - FTP PASV Port-Scanning
https://notcve.org/view.php?id=CVE-2007-1562
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Mozilla Firefox anterior a versión 1.5.0.11 y versión 2.x anterior a 2.0.0.3 permite a los atacantes remotos forzar al cliente a conectarse a otros servidores, realizar un análisis de puerto proxy o conseguir información confidencial por medio de la especificación de una dirección de servidor alterno en una respuesta PASV de FTP. • https://www.exploit-db.com/exploits/29768 http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/25476 http://secunia.com/advisories/25490 http://secunia.com/advisories/25858 http://www.mozilla.org/security/announce/2007/mfsa2007-11.html http://www.novell.com/linux/security/advisories/2007_36_mozilla.html http://www.openwall.com/lists/oss-security/2020/12/09/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •