CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5896
https://notcve.org/view.php?id=CVE-2007-5896
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI. Mozilla Firefox 2.0.0.9 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU y caída) mediante un iframe con Javascript que establece el document.location para que contenga un byte importante NULL (\x00) y un URI (1) res://, (2) about:config, o (3) file:///. • http://osvdb.org/45296 http://www.0x000000.com/index.php?i=467&bin=111010011 http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2007-11/msg00094.html https://exchange.xforce.ibmcloud.com/vulnerabilities/38233 • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5691
https://notcve.org/view.php?id=CVE-2007-5691
ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer." ParseFTPList.cpp de Mozilla Firefox 2.0.0.7 permite a servidores FTP remotos provocar una denegación de servicio (caída de aplicación) mediante respuestas manipuladas a un comando e listado no especificado, relativo a "leer de un puntero inválido". • http://osvdb.org/43609 http://securityreason.com/securityalert/3319 http://www.eleytt.com/advisories/eleytt_FFPARSEFTPLIST.pdf http://www.securityfocus.com/archive/1/482597/100/0/threaded http://www.securityfocus.com/bid/26159 https://exchange.xforce.ibmcloud.com/vulnerabilities/37334 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 11%CPEs: 1EXPL: 0CVE-2007-5335
https://notcve.org/view.php?id=CVE-2007-5335
Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. Mozilla Firefox 2.0 anterior a 2.0.0.8 permite a atacantes remotos obtener información sensible del sistema a través de la utilización del método sidebar addMicrosummaryGenerator en el acceso de archivo: URIs. • http://osvdb.org/42470 http://secunia.com/advisories/27335 http://secunia.com/advisories/27387 http://secunia.com/advisories/27665 http://www.gentoo.org/security/en/glsa/glsa-200711-14.xml https://bugzilla.mozilla.org/show_bug.cgi?id=390983 https://exchange.xforce.ibmcloud.com/vulnerabilities/37428 https://usn.ubuntu.com/535-1 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00355.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0CVE-2007-5334
https://notcve.org/view.php?id=CVE-2007-5334
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. Mozilla Firefox en versiones anteriores a 2.0.0.8 y SeaMonkey en versiones anteriores a 1.1.5 pueden ocultar la barra de título de la ventana cuando muestra documentos de lenguaje de marcado XUL, lo que hace más fácil para atacantes remotos llevar a cabo ataques de phishing y spoofing ajustando el atributo hidechrome. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27327 http://secunia.com/advisories/27335 http://secunia.com/advisories/27336 http://secunia.com/advisories/27356 http://secunia.com/advisories/27360 http://secunia.com/advisories/27383 http:/ • CWE-16: Configuration •
CVSS: 4.3EPSS: 25%CPEs: 4EXPL: 0CVE-2007-5337
https://notcve.org/view.php?id=CVE-2007-5337
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. El Mozilla Firefox anterior al 2.0.0.8 y el SeaMonkey anterior al 1.1.5, cuando corren bajo sistemas Linux con el soporte gnome-vfs, puede permitir a atacantes remotos leer ficheros de su elección en servidores SSH/sftp que aceptan la clave de autenticación mediante la creación de una página web en el servidor objetivo, en donde la página web contenga URIs con esquemas (1) smb: o (2) sftp: que acceden a otros ficheros del servidor. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27325 http://secunia.com/advisories/27327 http://secunia.com/advisories/27335 http://secunia.com/advisories/27336 http://secunia.com/advisories/27356 http://secunia.com/advisories/27360 http://secunia.com/advisories/27383 http://secunia.com/advisories/27387 http://secunia.com/advisories/27403 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •