Page 460 of 2504 results (0.016 seconds)

CVSS: 9.3EPSS: 96%CPEs: 3EXPL: 1

CVE-2007-1092

https://notcve.org/view.php?id=CVE-2007-1092

Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. Mozilla Firefox 1.5.0.9 y 2.0.0.1, y SeaMonkey versiones anteriores a 1.0.8 permite a atacantes remotos ejecutar código de su elección mediante gestores Javascript onUnload que modifican la estructura de un documento, lo cual dispara corrupción de memoria debido una deficiencia de un enganche (hook) finalize en objetos DOM tipo window. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0525.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://osvdb.org/32103 http://secunia.com/advisories/24333 http://secunia.com/advisories/24343 http://secunia.com/ad •

CVSS: 6.8EPSS: 96%CPEs: 10EXPL: 0

CVE-2007-0009 – NSS: SSLv2 protocol buffer overflows

https://notcve.org/view.php?id=CVE-2007-0009

Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. Un desbordamiento de búfer en la región stack de la memoria en el soporte SSLv2 en Mozilla Network Security Services (NSS) anterior a versión 3.11.5, tal y como es usado por Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, Thunderbird anterior a versión 1.5.0.10, SeaMonkey anterior a versión 1.0.8, y ciertos productos de servidor Sun Java System anterior al 20070611, permite a los atacantes remotos ejecutar código arbitrario por medio de valores de longitud "Client Master Key" no válidos. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2709 http://fedoranews.org/cms/node/2711 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=483 http://lists.suse.com/archive/suse-s • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.8EPSS: 96%CPEs: 86EXPL: 0

CVE-2007-0008 – NSS: SSLv2 protocol buffer overflows

https://notcve.org/view.php?id=CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Un subdesbordamiento de enteros en el soporte SSLv2 en Mozilla Network Security Services (NSS) versiones anteriores a 3.11.5, como es usado por Firefox versiones anteriores a 1.5.0.10 y versiones 2.x anteriores a 2.0.0.2, SeaMonkey versiones anteriores a 1.0.8, Thunderbird versiones anteriores a 1.5.0.10, y ciertos productos de servidor de Sun Java System anteriores a 20070611, permite a atacantes remotos ejecutar código arbitrario por medio de un mensaje de servidor SSLv2 especialmente diseñado que contiene una clave pública que es demasiado corta para cifrar el "Master Secret", lo resulta en un desbordamiento en la región heap de la memoria. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2709 http://fedoranews.org/cms/node/2711 http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://labs.idefense.com/ • CWE-189: Numeric Errors •

CVSS: 6.8EPSS: 14%CPEs: 30EXPL: 0

CVE-2007-1084

https://notcve.org/view.php?id=CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. Mozilla Firefox versión 2.0.0.1 y anteriores, no sugiere a los usuarios antes de guardar un bookmarklets, lo que permite a los atacantes remotos omitir la política del mismo dominio engañando a un usuario para que guarde un bookmarklet con un esquema data:, que es ejecutado en el contexto de la última página web visitada. • http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html http://lcamtuf.coredump.cx/ffbook http://osvdb.org/33803 http://securityreason.com/securityalert/2304 http://www.heise-security.co.uk/news/85728 http://www.securityfocus.com/archive/1/460885/100/0/threaded http://www.securityfocus.com/archive/1/460890/100/0/threaded http://www.securityfocus.com/archive/1/460896/100/0/threaded http://www.securityfocus.com/archive/1/461021/100/0/threaded http://www • CWE-16: Configuration •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2007-1004

https://notcve.org/view.php?id=CVE-2007-1004

Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. Mozilla Firefox podría permitir a los atacantes remotos conducir ataques de suplantación y falsificación de identidad al escribir en una pestaña about:blank y sobreponer la barra de ubicación. • http://osvdb.org/33255 http://osvdb.org/33769 http://secunia.com/advisories/24153 http://securityreason.com/securityalert/2264 http://www.securityfocus.com/archive/1/460369/100/0/threaded http://www.securityfocus.com/archive/1/460412/100/0/threaded http://www.securityfocus.com/archive/1/460617/100/0/threaded http://www.securityfocus.com/bid/22601 https://exchange.xforce.ibmcloud.com/vulnerabilities/32580 •