
CVSS: 4.3 | EPSS: 0% | CPEs: 102 | EXPL: 0

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.

References: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35536 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
CWE-16: Configuration

CVSS: 6.8 | EPSS: 14% | CPEs: 77 | EXPL: 1

The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.

References: http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35536 http://secunia.com/advisories/35602 http://sunsolve.sun.com/search
CWE-399: Resource Management Errors

CVSS: 4.3 | EPSS: 83% | CPEs: 12 | EXPL: 3

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allow remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

References: https://www.exploit-db.com/exploits/8306 http://milw0rm.com/sploits/2009-Firefox-XUL-0day-PoC.rar http://websecurity.com.ua/3216 http://www.securityfocus.com/bid/34522 https://bugzilla.mozilla.org/show_bug.cgi?id=485941 https://exchange.xforce.ibmcloud.com/vulnerabilities/49521
CWE-20: Improper Input Validation

CVSS: 9.3 | EPSS: 96% | CPEs: 99 | EXPL: 2

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

References: https://www.exploit-db.com/exploits/8285 http://blogs.zdnet.com/security/?p=3013 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html http://secunia.com/advisories/34471 http://secunia.com/advisories/34486 http://secunia.com/advisories/34505 http://secunia.com/advisories/34510 http://secunia.com/advisories/34511 http://secunia.com/advisories/34521 http://secunia.com/advisories/34527
CWE-399: Resource Management Errors

CVSS: 9.3 | EPSS: 0% | CPEs: 4 | EXPL: 2

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third-party information.

References: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://scary.beasts.org/security/CESA-2009-003.html http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html http://secunia.com/advisories/34367 http://secunia.com/advisories/34382 http://secunia.com/advisories/34400 http://secunia.com/advisories/34408 http://secunia.com/advisories/34418 http://secunia.com/advisories/34442 http://secunia.com/advisories/34450 http://secunia.com/advisories/34454
CWE-190: Integer Overflow or Wraparound