CVSS: 4.3EPSS: 23%CPEs: 16EXPL: 0CVE-2007-2869 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2869
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. La característica de automcompletado de formularios en el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y, posiblemente, versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU temporal persistente) a través de un número grande de caracteres en el formulario entregado. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://osvdb.org/35135 http://secunia.com/advisories/25476 http://secunia.com/advisories/25490 http://secunia.com/advisories/25533 http://secunia.com/advisories/25534 http://secunia.com/advisories/25635 http://secunia.com/advisories/25647 http://secunia.com/advisories/25685 http://secunia.com/advisories/25750 http://secunia.com/advisories/25858 http://security.gentoo.org/glsa/glsa-200706-06.xml h •
CVSS: 4.3EPSS: 36%CPEs: 18EXPL: 0CVE-2007-2870
https://notcve.org/view.php?id=CVE-2007-2870
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos evitar la política del "mismo-origen" (same-origin) y llevar a cabo ataques de secuencias de comandos en sitios cruzados (XSS) u otros ataques, utilizando el método addEventListener para añadir un evento de escucha para un sitio, que es ejecutado en el contexto de ese sitio. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://osvdb.org/35136 http://secunia.com/advisories/25469 http://secunia.com/advisories/25476 http://secunia.com/advisories/25488 http://secunia.com/advisories/25490 http://secunia.com/advisories/25491 http://secunia.com/advisories/25533 http://secunia.com/advisories/25534 http://secunia.com/advisories/25559 http://secunia.com/advisories/25635 http://secunia.com/advisories/25647 http://secunia. •
CVSS: 4.3EPSS: 17%CPEs: 18EXPL: 0CVE-2007-2871 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2871
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos simular o esconder el "browser chrome", como el de la barra de ubicación, mediante la colocación de popups XUL fuera de la ventana que contiene el buscador. NOTA: Esta vulnerabilidad se puede utilizar para ataques de phishing y otros tipos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://osvdb.org/35137 http://secunia.com/advisories/25469 http://secunia.com/advisories/25476 http://secunia.com/advisories/25488 http://secunia.com/advisories/25490 http://secunia.com/advisories/25491 http://secunia.com/advisories/25533 http://secunia.com/advisories/25534 http://secunia.com/advisories/25559 http://secunia.com/advisories/25635 http://secunia.com/advisories/25647 http://secunia. •
CVSS: 7.1EPSS: 5%CPEs: 1EXPL: 3CVE-2007-2671 – Mozilla Firefox 2.0.0.3 - Href Denial of Service
https://notcve.org/view.php?id=CVE-2007-2671
Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access. Mozilla Firefox 2.0.0.3 permite a atacantes remotos provocar denegación de servicio (caida de aplicación) a través de un nombre de host largo en un atributo HREF en un elemento A, lo cual dispara un acceso a memoria fuera del rango. • https://www.exploit-db.com/exploits/29940 http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/062773.html http://osvdb.org/35700 http://securityreason.com/securityalert/2704 http://www.critical.lt/research/opera_die_happy.html http://www.securityfocus.com/bid/23747 https://exchange.xforce.ibmcloud.com/vulnerabilities/33982 •
CVSS: 4.3EPSS: 8%CPEs: 3EXPL: 0CVE-2007-2292
https://notcve.org/view.php?id=CVE-2007-2292
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. Una vulnerabilidad de inyección CRLF en el soporte Digest Authentication para Mozilla Firefox anterior a la versión 2.0.0.8 y SeaMonkey anterior a la versión 1.1.5 permite a los atacantes remotos realizar ataques de división de peticiones HTTP por medio de LF (% 0a) bytes en el atributo de nombre de usuario. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://secunia.com/advisories/27276 http://secunia.com/advisories/27298 http://secunia.com/advisories/27311 http://secunia.com/advisories/27315 http://secunia.com/advisories/27325 http://secunia.com/advisories/27327 http://secunia.com/advisories/27335 http://secunia.com/advisories/27336 http://secunia.com/advisories/27356 http://secunia.com/advisories/27360 http://secunia.com/advisories/27383 http:/ • CWE-20: Improper Input Validation •