Page 435 of 2504 results (0.023 seconds)

CVSS: 9.3EPSS: 83%CPEs: 22EXPL: 0

CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability

https://notcve.org/view.php?id=CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMonkey v1.x antes de la v1.1.13 permite a atacantes remotos producir una denegación de servicio (caída) y una posible ejecución de código a su elección modificación de las propiedades de un elemento de entrada de fichero mientras se inicia, cuando se esta utilizando el método blur para acceder a no ha sido inicializada. This vulnerability allows attackers to potentially execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists when a DOM method on a specific HTML form object is called before the object itself has actually completed it's initialization. This will lead to a call of uninitialized data which can result in code execution under the context of the current user. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32694 http://secunia.com/advisories/32695 http://secunia.com/advisories/32713 http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32798 http://secunia.com/advisories/32845 http:// • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2008-4723

https://notcve.org/view.php?id=CVE-2008-4723

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox v3.0.1 hasta v3.0.3 permiten a atacantes remotos inyectar web script o HTML a través de una URL ftp:// de un documento HTML dentro de un fichero (1) JPG, (2) PDF, o (3) TXT. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a solamente a partir de la información de terceros. • http://www.securityfocus.com/bid/31855 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 48EXPL: 1

CVE-2008-4582 – Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation

https://notcve.org/view.php?id=CVE-2008-4582

Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810. Mozilla Firefox 3.0.1 hasta la versión 3.0.3, Firefox 2.x en versiones anteriores a 2.0.0.18 y SeaMonkey 1.x en versiones anteriores a 1.1.13, cuando se ejecuta en Windows, no identifican correctamente el contexto de los archivos de acceso directo de Windows .url, lo que permite a atacantes remotos asistidos por usuario eludir la Same Origin Policy y obtener información sensible a través de un documento HTML que es accesible directamente a través de un sistema de archivos, como se demuestra por los documentos en (1) carpetas locales, (2) carpetas compartidas de Windows y (3) archivos RAR y como se demuestra por IFRAMEs referenciando shortcuts que apuntan a (a) about:cache?device=memory y (b) about:cache? • https://www.exploit-db.com/exploits/32466 http://liudieyu0.blog124.fc2.com/blog-entry-6.html http://secunia.com/advisories/32192 http://secunia.com/advisories/32684 http://secunia.com/advisories/32693 http://secunia.com/advisories/32714 http://secunia.com/advisories/32721 http://secunia.com/advisories/32778 http://secunia.com/advisories/32845 http://secunia.com/advisories/32853 http://secunia.com/advisories/33433 http://secunia.com/advisories/33434 http://secunia.com • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 9%CPEs: 2EXPL: 4

CVE-2008-4324 – Mozilla Firefox 3.0.3 - User Interface Null Pointer Dereference Crash

https://notcve.org/view.php?id=CVE-2008-4324

The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected. El despachador de eventos de la interfaz de usuario en Mozilla Firefox versión 3.0.3, en Windows XP SP2, permite a los atacantes remotos causar una denegación de servicio (desreferencia del puntero NULL y bloqueo de aplicación) por medio de una serie de eventos de keypress, click, onkeydown, onkeyup, onmousedown, y onmouseup. NOTA: más tarde se reportó que Firefox versión 3.0.2 en Mac OS X versión 10.5 también está afectado. • https://www.exploit-db.com/exploits/6614 http://evilfingers.com/advisory/Firefox_User_Interface_Null_Pointer_Dereference_Dispatcher_Crash_n_Remote_DoS.php http://secunia.com/advisories/32040 http://securityreason.com/securityalert/4321 http://www.secniche.org/moz303.html http://www.secniche.org/moz303/index.html http://www.securityfocus.com/archive/1/496807/100/0/threaded http://www.securityfocus.com/archive/1/496846/100/0/threaded http://www.securityfocus.com/bid/31476 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 57%CPEs: 65EXPL: 0

CVE-2008-4059 – Mozilla privilege escalation via XPCnativeWrapper pollution

https://notcve.org/view.php?id=CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. El componente XPConnect en Firefox de Mozilla antes de 2.0.0.17 permite a atacantes remotos "contaminar XPCNativeWrappers" y ejecutar código de su elección con privilegios chrome mediante vectores relacionados con un elemento SCRIPT. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html http://secunia.com/advisories/31984 http://secunia.com/advisories/31985 http://secunia.com/advisories/32007 http://secunia.com/advisories/32010 http://secunia.com/advisories/32012 http://secunia.com/advisories/32025 http://secunia.com/advisories/32042 http://secunia.com/advisories/32044 http://secunia.com/advisories/32082 http://secunia.com/advisorie • CWE-264: Permissions, Privileges, and Access Controls •