
CVSS: 4.3 | EPSS: 37% | CPEs: 18 | EXPL: 0

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allow remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.

• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://osvdb.org/35136
• http://secunia.com/advisories/25469
• http://secunia.com/advisories/25476
• http://secunia.com/advisories/25488
• http://secunia.com/advisories/25490
• http://secunia.com/advisories/25491
• http://secunia.com/advisories/25533
• http://secunia.com/advisories/25534
• http://secunia.com/advisories/25559
• http://secunia.com/advisories/25635
• http://secunia.com/advisories/25647
• http://secunia.

CVSS: 7.1 | EPSS: 5% | CPEs: 1 | EXPL: 3

Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.

• https://www.exploit-db.com/exploits/29940
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html
• http://osvdb.org/35700
• http://securityreason.com/securityalert/2704
• http://www.critical.lt/research/opera_die_happy.html
• http://www.securityfocus.com/bid/23747
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33982

CVSS: 4.3 | EPSS: 8% | CPEs: 3 | EXPL: 0

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://secunia.com/advisories/27276
• http://secunia.com/advisories/27298
• http://secunia.com/advisories/27311
• http://secunia.com/advisories/27315
• http://secunia.com/advisories/27325
• http://secunia.com/advisories/27327
• http://secunia.com/advisories/27335
• http://secunia.com/advisories/27336
• http://secunia.com/advisories/27356
• http://secunia.com/advisories/27360
• http://secunia.com/advisories/27383
• http:/
• CWE-20: Improper Input Validation

CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

• http://www.securityfocus.com/archive/1/466017/100/0/threaded
• http://www.securityfocus.com/archive/1/466147/100/0/threaded
• http://www.securityfocus.com/archive/1/466220/100/0/threaded

CVSS: 5.0 | EPSS: 0% | CPEs: 3 | EXPL: 0

Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.

• http://osvdb.org/34535
• http://www.securityfocus.com/archive/1/464149/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33486