CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 0CVE-2007-4041
https://notcve.org/view.php?id=CVE-2007-4041
Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. Múltiples vulnerabilidades de inyección de argumento en Mozilla Firefox 2.0.0.5 y 3.0alpha permite a atacantes remotos ejecutar comandos de su elección mediante un byte NULL (%00) y metacaracteres de consola de comandos en URIs (1) mailto, (2) nntp, (3) news, (4) snews, ó (5) telnet, asunto similar a CVE-2007-3670. • http://www.kb.cert.org/vuls/id/783400 http://www.securityfocus.com/bid/25053 http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005 http://xs-sniper.com/blog/remote-command-exec-firefox-2005 https://bugzilla.mozilla.org/show_bug.cgi?id=389106 https://bugzilla.mozilla.org/show_bug.cgi?id=389580 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4038
https://notcve.org/view.php?id=CVE-2007-4038
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. Una vulnerabilidad de inyección de argumentos en Mozilla Firefox versiones anteriores a 2.0.0.5, cuando se ejecuta en sistemas con Thunderbird versión 1.5 instalado y ciertas URI registradas, permite a atacantes remotos conducir ataques de tipo cross-browser scripting y ejecutar comandos arbitrarios por medio de metacaracteres shell en una URI mailto, que se insertan en la línea de comandos que es creada al invocar el archivo Thunderbird.exe, un problema similar a CVE-2007-3670. • http://larholm.com/2007/07/25/mozilla-protocol-abuse http://seclists.org/fulldisclosure/2007/Jul/0557.html http://www.securityfocus.com/archive/1/474624/100/0/threaded http://www.securityfocus.com/archive/1/474686/100/0/threaded • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 74%CPEs: 10EXPL: 0CVE-2007-3735
https://notcve.org/view.php?id=CVE-2007-3735
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. Múltiples vulnerabilidades no especificadas en el motor JavaScript de Mozilla Firefox anterior a 2.0.0.5 y Thunderbird anterior a 2.0.0.5 permiten a atacantes remotos provocar una denegación de servicio (caída) mediante vectores no especificados que disparan una corrupción de memoria. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/25589 http://secunia.com/advisories/26072 http://secunia.com/advisories/26095 http://secunia.com/advisories/26096 http://secunia.com/advisories/26103 http://se •
CVSS: 9.3EPSS: 87%CPEs: 5EXPL: 0CVE-2007-3737
https://notcve.org/view.php?id=CVE-2007-3737
Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." Mozilla Firefox versiones anteriores a 2.0.0.5 permite a atacantes remotos ejecutar código de su elección con privilegios "chrome" al invocar un gestor de eventos desde un "elemento fuera del documento" no especificado. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/25589 http://secunia.com/advisories/26072 http://secunia.com/advisories/26095 http://secunia.com/advisories/26103 http://secunia.com/advisories/26106 http://secunia.com/advisories/26107 http://secunia.com/advisories/26149 http://secu •
CVSS: 4.3EPSS: 45%CPEs: 5EXPL: 0CVE-2007-3736
https://notcve.org/view.php?id=CVE-2007-3736
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox anterior a 2.0.0.5 permite a atacantes remotos inyectar secuencias de comandos web "dentro de otros contextos del sitio" a través un "asunto de coordinación" afectando a las funciones (1) addEventListener o (2) setTimeout, probablemente a través de la configuración de eventos que son activados después de que el contexto haya cambiado. • ftp://ftp.slackware.com/pub/slackware/slackware-12.0/ChangeLog.txt ftp://patches.sgi.com/support/free/security/advisories/20070701-01-P.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/25589 http://secunia.com/advisories/26072 http://secunia.com/advisories/26095 http://secunia.com/advisories/26103 http://secunia.com/advisories/26106 http://secunia.com/advisories/26107 http://secunia.com/advisories/26149 http://secu •