CVSS: 5.0EPSS: 4%CPEs: 1EXPL: 0CVE-2008-2014
https://notcve.org/view.php?id=CVE-2008-2014
Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. Mozilla Firefox 3.0 beta 5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de código JavaScript que llama a document.write en un bucle infinito. • http://es.geocities.com/jplopezy/pruebamozilla.html http://securityreason.com/securityalert/3835 http://www.securityfocus.com/archive/1/491196/100/0/threaded http://www.securityfocus.com/archive/1/491197/100/0/threaded http://www.securityfocus.com/archive/1/491354/100/0/threaded http://www.securityfocus.com/archive/1/491355/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/42154 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 6%CPEs: 49EXPL: 0CVE-2008-1380 – Firefox JavaScript garbage collection crash
https://notcve.org/view.php?id=CVE-2008-1380
The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. El motor JavaScript de Mozilla Firefox versiones anteriores a 2.0.0.14, Thunderbird versiones anteriores a 2.0.0.14, y SeaMonkey versiones anteriores a 1.1.10 permite a atacantes remotos provocar una denegación de servicio (caída del colector de basura) y posiblemente tener otros impactos mediante un página web manipulada. NOTA: esto es debido a un parche incorrecto para el CVE-2008-1237. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/29787 http://secunia.com/advisories/29793 http://secunia.com/advisories/29828 http://secunia.com/advisories/29860 http://secunia.com/advisories/29883 http://secunia.com/advisories/29908 http://secunia.com/advisories/29911 http://secunia.com/advisories/29912 http://secunia.com/advisories/29947 http://secunia.com/advisories/30012 http://secunia.com/advisories/30029 http:// • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 45%CPEs: 3EXPL: 0CVE-2008-1237 – javascript crashes
https://notcve.org/view.php?id=CVE-2008-1237
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección a través de vectores desconocidos en relación al motor JavaScript. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 44%CPEs: 105EXPL: 0CVE-2008-1235 – chrome privilege via wrong principal
https://notcve.org/view.php?id=CVE-2008-1235
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." Vulnerabilidad no especificada en Mozilla Firefox en versiones anteriores a 2.0.0.13, Thunderbird en versiones anteriores a 2.0.0.13 y SeaMonkey en versiones anteriores a 1.1.9 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos que provoca que JavaScript se ejecute con el principal equivocado, vulnerabilidad también conocida como "Escalado de privilegios a través de principales incorrectos". • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/2 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1234 – universal XSS using event handlers
https://notcve.org/view.php?id=CVE-2008-1234
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers." Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox versiones anteriores a 2.0.0.13, Thunderbird versiones anteriores a 2.0.0.13, y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos inyectar web script o HTML de su elección a través de gestores de eventos, también conocido como "Universal XSS using event handlers." • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://rhn.redhat.com/errata/RHSA-2008-0208.html http://secunia.com/advisories/29391 http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29548 http://secunia.com/advisories/29550 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •