CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 3CVE-2007-1377 – Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption
https://notcve.org/view.php?id=CVE-2007-1377
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, ó Opera, permite a atacantes remotos provocar una denegación de servicio (agotamiento sin especificar de recursos) mediante una URL .pdf con un identificador de marcador que comienza con search= seguido de muchas secuencias %n, vulnerabilidad distinta a CVE-2006-6027 y CVE-2006-6236. • https://www.exploit-db.com/exploits/3430 http://www.securityfocus.com/bid/22856 http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32896 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 3%CPEs: 5EXPL: 1CVE-2007-0994
https://notcve.org/view.php?id=CVE-2007-0994
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. Un error de regresión en Mozilla Firefox versión 2.x anterior a 2.0.0.2 y versión 1.x anterior a 1.5.0.10, y SeaMonkey versión 1.1 anterior a 1.1.1 y versión 1.0 anterior a 1.0.8, permite a los atacantes remotos ejecutar JavaScript arbitrario como usuario por medio de un mensaje de correo HTML con un javascript: URI en una etiqueta (1) img , (2) enlace o (3) style, que omite las comprobaciones de acceso y ejecuta código con privilegios de chromo. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://secunia.com/advisories/24384 http://secunia.com/advisories/24395 http://secunia.com/advisories/24455 http://secunia.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1256
https://notcve.org/view.php?id=CVE-2007-1256
Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. Mozilla Firefox 2.0.0.2 permite a atacantes remotos parodiar la barra de direcciones, iconos favoritos (favicons), y código fuente, y realizar actualizaciones en el contexto de sitios web de su elección, al poner repetidamente document.location en el atributo onunload cuando se enlaza otro sitio web, una variante de CVE-2007-1092. • http://marc.info/?l=full-disclosure&m=117258301222007&w=2 http://marc.info/?l=full-disclosure&m=117259225402112&w=2 http://osvdb.org/35913 http://www.securityfocus.com/archive/1/461437/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.8EPSS: 10%CPEs: 28EXPL: 0CVE-2007-0996
https://notcve.org/view.php?id=CVE-2007-0996
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. Los marcos hijo en Mozilla Firefox anterior a 1.5.0.10 y 2.x anterior 2.0.0.2, y SeaMonkey anterior a 1.0.8 heredan el charset por defecto desde la ventana padre, lo caul permite a atacantes remotos conducir ataques de secuencias de comandos en sitios cruzados (XSS), como se demostró utilizando a codificación de caracteres UTF-7. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://osvdb.org/33812 http://rhn.redhat.com/errata/RHSA-2007-0077.html http://secunia.com/advisories/24205 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2007-1116
https://notcve.org/view.php?id=CVE-2007-1116
The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history. La función CheckLoadURI en Mozilla Firefox versión 1.8, enumera los URI about: tal y como ChromeProtocol y se puede cargar por medio de JavaScript, lo que permite a los atacantes remotos obtener información confidencial mediante la consulta del histórico de sesiones del navegador. • http://osvdb.org/33804 http://securityreason.com/securityalert/2309 http://www.gnucitizen.org/projects/hscan-redux http://www.securityfocus.com/archive/1/461006/100/0/threaded http://www.securityfocus.com/archive/1/461013/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=371375 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •