Page 427 of 2337 results (0.017 seconds)

CVSS: 6.8EPSS: 96%CPEs: 86EXPL: 0

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Un subdesbordamiento de enteros en el soporte SSLv2 en Mozilla Network Security Services (NSS) versiones anteriores a 3.11.5, como es usado por Firefox versiones anteriores a 1.5.0.10 y versiones 2.x anteriores a 2.0.0.2, SeaMonkey versiones anteriores a 1.0.8, Thunderbird versiones anteriores a 1.5.0.10, y ciertos productos de servidor de Sun Java System anteriores a 20070611, permite a atacantes remotos ejecutar código arbitrario por medio de un mensaje de servidor SSLv2 especialmente diseñado que contiene una clave pública que es demasiado corta para cifrar el "Master Secret", lo resulta en un desbordamiento en la región heap de la memoria. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2709 http://fedoranews.org/cms/node/2711 http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://labs.idefense.com/ • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 14%CPEs: 30EXPL: 0

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. Mozilla Firefox versión 2.0.0.1 y anteriores, no sugiere a los usuarios antes de guardar un bookmarklets, lo que permite a los atacantes remotos omitir la política del mismo dominio engañando a un usuario para que guarde un bookmarklet con un esquema data:, que es ejecutado en el contexto de la última página web visitada. • http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html http://lcamtuf.coredump.cx/ffbook http://osvdb.org/33803 http://securityreason.com/securityalert/2304 http://www.heise-security.co.uk/news/85728 http://www.securityfocus.com/archive/1/460885/100/0/threaded http://www.securityfocus.com/archive/1/460890/100/0/threaded http://www.securityfocus.com/archive/1/460896/100/0/threaded http://www.securityfocus.com/archive/1/461021/100/0/threaded http://www • CWE-16: Configuration •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. Mozilla Firefox podría permitir a los atacantes remotos conducir ataques de suplantación y falsificación de identidad al escribir en una pestaña about:blank y sobreponer la barra de ubicación. • http://osvdb.org/33255 http://osvdb.org/33769 http://secunia.com/advisories/24153 http://securityreason.com/securityalert/2264 http://www.securityfocus.com/archive/1/460369/100/0/threaded http://www.securityfocus.com/archive/1/460412/100/0/threaded http://www.securityfocus.com/archive/1/460617/100/0/threaded http://www.securityfocus.com/bid/22601 https://exchange.xforce.ibmcloud.com/vulnerabilities/32580 •

CVSS: 7.5EPSS: 97%CPEs: 51EXPL: 2

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8, permiten a los atacantes remotos omitir la políticas de mismo origen, robar cookies y conducir otros ataques escribiendo un URI con un byte NULL a la propiedad DOM del host (location.hostname), debido a las interacciones con el código de resolución DNS. • https://www.exploit-db.com/exploits/3340 ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.dione.cc/ffhostname.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errat • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.4EPSS: 1%CPEs: 2EXPL: 1

Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. Mozilla Firefox 2.0.0.1 permite a atacantes remotos evitar el mecanismo de Protección de Phising añadiendo caracteres concretos al final del nombre de dominio, como se demuestra con los caractere "." y "/", que no se capturan por el filtro de lista negra Lista de Phising. • http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html http://kaneda.bohater.net/security/20070111-firefox_2.0.0.1_bypass_phishing_protection.php http://osvdb.org/33705 http://www.securityfocus.com/archive/1/459265/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=367538 • CWE-20: Improper Input Validation •