Page 451 of 2504 results (0.037 seconds)

CVSS: 5.0EPSS: 6%CPEs: 88EXPL: 0

CVE-2007-4879

https://notcve.org/view.php?id=CVE-2007-4879

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. Mozilla Firefox anterior a Firefox versión 2.0.0.13, y SeaMonkey anterior a versión 1.1.9, pueden instalar automáticamente certificados de cliente TLS con una interacción mínima del usuario y enviar automáticamente estos certificados cuando se solicitan, lo que facilita que los sitios web remotos puedan realizar un seguimiento de las actividades de los usuarios en todos los dominios mediante la solicitud de los certificados de cliente TLS de otros dominios. • http://0x90.eu/ff_tls_poc.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html http://secunia.com/advisories/29526 http://secunia.com/advisories/29539 http://secunia.com/advisories/29541 http://secunia.com/advisories/29547 http://secunia.com/advisories/29558 http://secunia.com/advisories/29560 http://secunia.com/advisories/29616 http://secunia.com/advisories/29645 http://secunia.com/advisories/30327 http://secunia.com/advisories/30620 http:/&#x •

CVSS: 9.3EPSS: 3%CPEs: 3EXPL: 0

CVE-2007-4841

https://notcve.org/view.php?id=CVE-2007-4841

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. Mozilla Firefox versiones anteriores a 2.0.0.8, Thunderbird versiones anteriores a 2.0.0.8 y SeaMonkey versiones anteriores a 1.1.5, permiten a atacantes remotos ejecutar comandos arbitrarios por medio de un URI (1) mailto, (2) nntp, (3) news o (4) snews con codificación "%" no válida, relacionada con el manejo de un tipo de archivo inapropiado en Windows XP con Internet Explorer versión 7 instalado, una variante de CVE-2007-3845. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27360 http://secunia.com/advisories/27414 http://secunia.com/advisories/27744 http://secunia.com/advisories/28363 http://secunia.com/advisories/28398 http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-sec • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 7%CPEs: 1EXPL: 2

CVE-2007-4357

https://notcve.org/view.php?id=CVE-2007-4357

Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. Mozilla Firefox 2.0.0.6 y anteriores permite a atacantes remotos falsificar los contenidos de la barra de estado mediante un enlace a un URI data: conteniendo una URL codificada. NOTA: la severidad de este problema ha sido cuestionada por una tercera parte fiable, puesto que la funcionalidad pretendida de la barra de estado permite que sea modificada. • http://my.opera.com/MichalBucko/blog/firefox-2-0-0-5-uri-encoding-allows-phishing http://www.eleytt.com/michal.bucko/Eleytt_PhishAGoGo/bucked2.html http://www.securityfocus.com/archive/1/475467/100/100/threaded http://www.securityfocus.com/archive/1/475531/100/100/threaded http://www.securityfocus.com/archive/1/475651/100/0/threaded http://www.securityfocus.com/archive/1/475970/100/0/threaded http://www.securityfocus.com/archive/1/476062/100/0/threaded •

CVSS: 4.3EPSS: 95%CPEs: 3EXPL: 2

CVE-2007-3844 – Mozilla Firefox/Thunderbird/SeaMonkey - Chrome-Loaded About:Blank Script Execution

https://notcve.org/view.php?id=CVE-2007-3844

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 y anterior a 1.5.0.13, y SeaMonkey 1.1.3 permite a atacantes remotos llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) con privilegios de chrome mediante un complemento que inserta un enlace (1) javascript: o (2)data: dentro de un documento about:blank cargado por chrome a través de (a) la función window.open o (b) una asignación content.location, también conocido como "Secuencia de comandos en Contexto Cruzado (Cross Context Scripting). NOTA: este problema está provocado por una regresión de CVE-2007-3089. • https://www.exploit-db.com/exploits/30439 http://bugzilla.mozilla.org/show_bug.cgi?id=388121 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/26234 http://secunia.com/advisories/26258 http://secunia.com/advisories/26288 http://secunia.com/advisories/26303 http://secunia.com/advisories/26309 http://secunia.com/advisories/26331 http://secunia.com •

CVSS: 9.3EPSS: 95%CPEs: 4EXPL: 1

CVE-2007-3845 – Multiple Browsers - URI Handlers Command Injection

https://notcve.org/view.php?id=CVE-2007-3845

Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." Mozilla Firefox anterior a 2.0.0.6, Thunderbird anterior a 1.5.0.13 y 2.x anterior a 2.0.0.6, y SeaMonkey anterior a 1.1.4 permite a atacantes remotos ejecutar código de su elección mediante ciertos vectores asociados con el lanzamiento de "un programa de manejo de ficheros basado en la extensión del fichero al final del URI", una variante de CVE-2007-4041. El vendedor afirma que "todavía es posible lanzar un manipulador de tipo de fichero basado en la extensión en lugar de el manipulador de protocolo registrado". • https://www.exploit-db.com/exploits/30381 http://bugzilla.mozilla.org/show_bug.cgi?id=389580 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/26234 http://secunia.com/advisories/26258 http://secunia.com/advisories/26303 http://secunia.com/advisories/26309 http://secunia.com/advisories/26331 http://secunia.com/advisories/26335 http://secunia.com •