CVSS: 9.3EPSS: 4%CPEs: 2EXPL: 0CVE-2007-5338
https://notcve.org/view.php?id=CVE-2007-5338
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. Mozilla Firefox versiones anteriores a 2.0.0.8 y SeaMonkey versiones anteriores a 1.1.5, permite a atacantes remotos ejecutar Javascript arbitrario con privilegios de usuario mediante el objeto Script para modificar XPCNativeWrappers de una manera que causa que el script se ejecute cuando una acción chrome sea realizada. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27327 http://secunia.com/advisories/27335 http://secunia.com/advisories/27336 http://secunia.com/advisories/27356 http://secunia.com/advisories/27360 http://secunia.com/advisories/27383 http:/ • CWE-16: Configuration CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 96%CPEs: 3EXPL: 0CVE-2007-5339
https://notcve.org/view.php?id=CVE-2007-5339
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. Múltiples vulnerabilidades en el Mozilla Firefox anterior al 2.0.0.8, en el Thunderbird anterior al 2.0.0.8 y en el SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de un HTML modificado que dispara una corrupción de memoria o errores de aserción. • http://bugs.gentoo.org/show_bug.cgi?id=196481 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27313 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27326 http://secunia.com/advisories&#x • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 59%CPEs: 3EXPL: 0CVE-2007-5340
https://notcve.org/view.php?id=CVE-2007-5340
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. Múltiples vulnerabilidades en el motor de Javascript del Mozilla Firefox anterior al 2.0.0.8, del Thunderbird anterior al 2.0.0.8, y del SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de HTML modificado que dispara una corrupción de memoria. • http://bugs.gentoo.org/show_bug.cgi?id=196481 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00774579 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27313 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27326 http://secunia.com/advisories&#x • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2007-5459
https://notcve.org/view.php?id=CVE-2007-5459
Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la barra lateral de las páginas de HTML en la extensión MouseoverDictionary anterior a la 0.6.2 para el Mozilla Firefox, permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través de vectores sin especificar. • http://jvn.jp/jp/JVN%2363304072/index.html http://maru.bonyari.jp/mouseoverdictionary http://osvdb.org/40475 http://secunia.com/advisories/27195 http://www.securityfocus.com/bid/26053 https://exchange.xforce.ibmcloud.com/vulnerabilities/37184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 0CVE-2007-5414
https://notcve.org/view.php?id=CVE-2007-5414
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mozilla Firefox anterior a 2.0, cuando el contenido de un documento UTF-7 se renderiza directamente en UTF-7, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante un URI gopher que usa caracteres de comilla simple pra delimitar una cadena literal dentro de una secuencia XSS, un problema relacionado con CVE-2007-5415. • http://osvdb.org/43670 http://securityreason.com/securityalert/3216 http://www.securityfocus.com/archive/1/482006/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •