CVSS: 4.9 | EPSS: 0% | CPEs: 58 | EXPL: 0

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack."

• http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html
• http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html
• http://secunia.com/advisories/40326
• http://secunia.com/advisories/40401
• http://secunia.com/advisories/40481
• http://support.avaya.com/css/P8/documents/100091069
• http

CVSS: 2.6 | EPSS: 7% | CPEs: 9 | EXPL: 3

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.

• https://www.exploit-db.com/exploits/8091
• http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0220.html
• http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0223.html
• http://archives.neohapsis.com/archives/fulldisclosure/2009-01/0224.html
• http://www.securityfocus.com/bid/33154
• https://bugzilla.mozilla.org/show_bug.cgi?id=448329
• https://bugzilla.mozilla.org/show_bug.cgi?id=456727
• https://bugzilla.mozilla.org/show_bug.cgi?id=472507
• https://www.exploit-db.com/exploits
• CWE-399: Resource Management Errors

CVSS: 5.0 | EPSS: 0% | CPEs: 2 | EXPL: 1

Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.

• http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html
• http://www.packetstormsecurity.org/0812-exploits/mzff_libxul_ml.txt
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47758
• CWE-399: Resource Management Errors

CVSS: 5.0 | EPSS: 2% | CPEs: 2 | EXPL: 1

Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU consumption and application hang in unspecified circumstances perhaps involving other platforms.

• https://www.exploit-db.com/exploits/7554
• http://osvdb.org/51032
• http://securityreason.com/securityalert/4807
• http://websecurity.com.ua/3424
• http://www.securityfocus.com/archive/1/506006/100/0/threaded
• http://www.securityfocus.com/bid/32988
• https://exchange.xforce.ibmcloud.com/vulnerabilities/47572
• CWE-20: Improper Input Validation

CVSS: 5.0 | EPSS: 4% | CPEs: 5 | EXPL: 0

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.

• http://secunia.com/advisories/33188
• http://secunia.com/advisories/33189
• http://secunia.com/advisories/33203
• http://secunia.com/advisories/33216
• http://secunia.com/advisories/33421
• http://secunia.com/advisories/34501
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:245
• http://www.mozilla.org/security/announce/2008/mfsa2008-60.html
• http://www.redhat.com/support/errata/RHSA-2008-1036.html
• http://ww
• CWE-399: Resource Management Errors