
CVSS: 5.0 | EPSS: 6% | CPEs: 1 | EXPL: 4

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.

• https://www.exploit-db.com/exploits/8822
  http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0247.html
  http://archives.neohapsis.com/archives/fulldisclosure/2009-05/0263.html
  http://blog.zoller.lu/2009/04/advisory-firefox-denial-of-service.html
  http://websecurity.com.ua/3194
  http://www.securityfocus.com/archive/1/503876/100/0/threaded
  http://www.securityfocus.com/archive/1/506328/100/100/threaded
  http://www.securityfocus.com/bid/35132
  https://bugzilla.mozilla.org/show
• CWE-399: Resource Management Errors

CVSS: 5.0 | EPSS: 9% | CPEs: 1 | EXPL: 4

The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."

• https://www.exploit-db.com/exploits/8794
  http://archives.neohapsis.com/archives/bugtraq/2009-05/0270.html
  http://archives.neohapsis.com/archives/bugtraq/2009-05/0271.html
  http://archives.neohapsis.com/archives/bugtraq/2009-05/0272.html
  http://blog.zoller.lu/2009/04/advisory-firefox-dos-condition.html
  http://www.securityfocus.com/archive/1/503825/100/0/threaded
  https://bugzilla.mozilla.org/show_bug.cgi?id=393832
  https://bugzilla.mozilla.org/show_bug.cgi?id=465615
  https://ex
• CWE-399: Resource Management Errors

CVSS: 9.3 | EPSS: 93% | CPEs: 1 | EXPL: 1

The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.

• https://www.exploit-db.com/exploits/32961
  http://secunia.com/advisories/34851
  http://secunia.com/advisories/34866
  http://secunia.com/advisories/34910
  http://secunia.com/advisories/34919
  http://securitytracker.com/id?1022126
  http://securitytracker.com/id?1022127
  http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.350967
  http://www.mandriva.com/security/advisories?name=MDVSA-2009:111
  http://www.mozilla.org/security/announce/2009/mfsa2009-23.html
  http&#
• CWE-399: Resource Management Errors

CVSS: 4.3 | EPSS: 3% | CPEs: 94 | EXPL: 1

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected.

• https://www.exploit-db.com/exploits/32942
  http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution
  http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
  http://rhn.redhat.com/errata/RHSA-2009-0437.html
  http://secunia.com/advisories/34758
  http://secunia.com/advisories/34843
  http://secunia.com/advisories/34844
  http://secunia.com/advisories/34894
  http://secunia.com/advisories/35065
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-2
• CWE-16: Configuration

CVSS: 6.8 | EPSS: 7% | CPEs: 77 | EXPL: 5

The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.

• http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html
  http://secunia.com/advisories/34758
  http://secunia.com/advisories/34780
  http://secunia.com/advisories/34843
  http://secunia.com/advisories/34894
  http://secunia.com/advisories/35042
  http://secunia.com/advisories/35065
  http://secunia.com/advisories/35602
  http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1
  http://www.debian.org/security/2009/dsa-1797
  http://www.debian.org/security/2009/dsa
• CWE-399: Resource Management Errors