Page 434 of 2504 results (0.020 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-5022 – nsXMLHttpRequest:: NotifyEventListeners() same-origin violation

https://notcve.org/view.php?id=CVE-2008-5022

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check. El método nsXMLHttpRequest::NotifyEventListeners en Firefox v3.x anterior a v3.0.4, Firefox v2.x anterior a v2.0.0.18, Thunderbird v2.x anterior a v2.0.0.18 y SeaMonkey v1.x anterior a v1.1.13; permite a atacantes remotos eludir la política de mismo-origen y ejecutar secuencias de comandos (scripts) de su elección a través de múltiples oyentes; esto evita la comprobación de la ventana interior. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/32845 http:// • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2008-5023 – Mozilla -moz-binding property bypasses security checks on codebase principals

https://notcve.org/view.php?id=CVE-2008-5023

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. Firefox 3.x antes de v3.0.4, Firefox 2.x antes de v2.0.0.18 y SeaMonkey 1.x antes de v1.1.13 permite a atacantes remotos evitar los mecanismos de protección para "codebase principals" y ejecutar secuencias de comandos de su elección mediante la propiedad -moz-binding CSS en un archivo signed JAR. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/34501 http:// • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

CVE-2008-5019 – Mozilla XSS via session restore

https://notcve.org/view.php?id=CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors. La característica de restauración de sesión en Mozilla Firefox 3.x antes de 3.0.4 y 2.x antes de 2.0.0.18 permite a atacantes remotos violar la política de mismo origen para llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) y ejecutar Javascript de su elección con privilegios chrome mediante vectores desconocidos. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://ubuntu.com/usn/usn-667-1 http://www&# • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 1

CVE-2008-5024 – Mozilla parsing error in E4X default namespace

https://notcve.org/view.php?id=CVE-2008-5024

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18, Y SeaMonkey 1.x antes de 1.1.13 no escapan de manera apropiada los caracteres usados para el procesamiento XML, lo que permite a atacantes remotos realizar ataques de inyección de XML a través del espacio de nombres por defecto en un documento E4X. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/32845 http:// • CWE-91: XML Injection (aka Blind XPath Injection) •

CVSS: 9.3EPSS: 45%CPEs: 91EXPL: 0

CVE-2008-5013 – Mozilla Firefox Flash Player Dynamic Module Unloading Vulnerability

https://notcve.org/view.php?id=CVE-2008-5013

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. Mozilla Firefox 2.x antes de 2.0.0.18 y SeaMonkey 1.x antes de 1.1.13 no comprueba correctamente cuando se ha descargado dinámicamente el módulo Flash, lo que permite a atacantes remotos ejecutar código de su elección mediante un archivo SWF manipulado que "se descarga dinámicamente de una función Javascript externa", lo que dispara un acceso a una dirección de memoria que ha expirado. This vulnerability allows remote attackers to execute code on vulnerable installations of Mozilla Firefox with Adobe's Flash Player. User interaction is required in that a user must visit a malicious web site. The specific flaw exists due to a failure to check whether the Flash module has been properly dynamically unloaded. If an SWF file dynamically unloads itself via an outside JavaScript function, the browser will return to an address no longer mapped to the Flash module. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32714 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/33433 http://secunia.com/advisories/34501 http://sunsolve.sun.com/search/document.do?assetkey=1-26-256408-1 http://ubuntu • CWE-399: Resource Management Errors •