CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-1736
https://notcve.org/view.php?id=CVE-2007-1736
Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection. Mozilla Firefox 2.0.0.3 no comprueba las URL's embebidas en (1) objeto ó (2) Etiquetas HTML "iframe" contra la lista negra de sitios phising, lo cual permite a atacantes remotos evitar la protección phishing. • http://securityreason.com/securityalert/2488 http://www.securityfocus.com/archive/1/464041/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33487 •
CVSS: 6.8EPSS: 4%CPEs: 5EXPL: 1CVE-2007-1562 – Mozilla FireFox 1.5.x/2.0 - FTP PASV Port-Scanning
https://notcve.org/view.php?id=CVE-2007-1562
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. La implementación del protocolo FTP en Mozilla Firefox anterior a versión 1.5.0.11 y versión 2.x anterior a 2.0.0.3 permite a los atacantes remotos forzar al cliente a conectarse a otros servidores, realizar un análisis de puerto proxy o conseguir información confidencial por medio de la especificación de una dirección de servidor alterno en una respuesta PASV de FTP. • https://www.exploit-db.com/exploits/29768 http://bindshell.net/papers/ftppasv/ftp-client-pasv-manipulation.pdf http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/25476 http://secunia.com/advisories/25490 http://secunia.com/advisories/25858 http://www.mozilla.org/security/announce/2007/mfsa2007-11.html http://www.novell.com/linux/security/advisories/2007_36_mozilla.html http://www.openwall.com/lists/oss-security/2020/12/09/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 3CVE-2007-1377 – Adobe Reader Plugin 'AcroPDF.dll' 8.0.0.0 - Resource Consumption
https://notcve.org/view.php?id=CVE-2007-1377
AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236. AcroPDF.DLL de Adobe Reader 8.0, cuando se accede desde Mozilla Firefox, Netscape, ó Opera, permite a atacantes remotos provocar una denegación de servicio (agotamiento sin especificar de recursos) mediante una URL .pdf con un identificador de marcador que comienza con search= seguido de muchas secuencias %n, vulnerabilidad distinta a CVE-2006-6027 y CVE-2006-6236. • https://www.exploit-db.com/exploits/3430 http://www.securityfocus.com/bid/22856 http://www.securityfocus.com/data/vulnerabilities/exploits/22856.html https://exchange.xforce.ibmcloud.com/vulnerabilities/32896 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 3%CPEs: 5EXPL: 1CVE-2007-0994
https://notcve.org/view.php?id=CVE-2007-0994
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. Un error de regresión en Mozilla Firefox versión 2.x anterior a 2.0.0.2 y versión 1.x anterior a 1.5.0.10, y SeaMonkey versión 1.1 anterior a 1.1.1 y versión 1.0 anterior a 1.0.8, permite a los atacantes remotos ejecutar JavaScript arbitrario como usuario por medio de un mensaje de correo HTML con un javascript: URI en una etiqueta (1) img , (2) enlace o (3) style, que omite las comprobaciones de acceso y ejecuta código con privilegios de chromo. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=230733 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://secunia.com/advisories/24384 http://secunia.com/advisories/24395 http://secunia.com/advisories/24455 http://secunia.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2007-1256
https://notcve.org/view.php?id=CVE-2007-1256
Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. Mozilla Firefox 2.0.0.2 permite a atacantes remotos parodiar la barra de direcciones, iconos favoritos (favicons), y código fuente, y realizar actualizaciones en el contexto de sitios web de su elección, al poner repetidamente document.location en el atributo onunload cuando se enlaza otro sitio web, una variante de CVE-2007-1092. • http://marc.info/?l=full-disclosure&m=117258301222007&w=2 http://marc.info/?l=full-disclosure&m=117259225402112&w=2 http://osvdb.org/35913 http://www.securityfocus.com/archive/1/461437/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •