
CVSS: 6.8 | EPSS: 14% | CPEs: 30 | EXPL: 0

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

• http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html
• http://lcamtuf.coredump.cx/ffbook
• http://osvdb.org/33803
• http://securityreason.com/securityalert/2304
• http://www.heise-security.co.uk/news/85728
• http://www.securityfocus.com/archive/1/460885/100/0/threaded
• http://www.securityfocus.com/archive/1/460890/100/0/threaded
• http://www.securityfocus.com/archive/1/460896/100/0/threaded
• http://www.securityfocus.com/archive/1/461021/100/0/threaded
• http://www
• CWE-16: Configuration

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.

• http://osvdb.org/33255
• http://osvdb.org/33769
• http://secunia.com/advisories/24153
• http://securityreason.com/securityalert/2264
• http://www.securityfocus.com/archive/1/460369/100/0/threaded
• http://www.securityfocus.com/archive/1/460412/100/0/threaded
• http://www.securityfocus.com/archive/1/460617/100/0/threaded
• http://www.securityfocus.com/bid/22601
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32580

CVSS: 7.5 | EPSS: 97% | CPEs: 51 | EXPL: 2

Mozilla-based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.

• https://www.exploit-db.com/exploits/3340
• ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
• ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
• http://fedoranews.org/cms/node/2713
• http://fedoranews.org/cms/node/2728
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://lcamtuf.dione.cc/ffhostname.html
• http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html
• http://rhn.redhat.com/errat
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.3 | EPSS: 1% | CPEs: 1 | EXPL: 1

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.

• http://secunia.com/advisories/24393
• http://secunia.com/advisories/24437
• http://security.gentoo.org/glsa/glsa-200703-04.xml
• http://www.gentoo.org/security/en/glsa/glsa-200703-08.xml
• http://www.osvdb.org/32108
• http://www.securityfocus.com/archive/1/459162/100/0/threaded
• http://www.securityfocus.com/archive/1/459163/100/0/threaded
• http://www.securityfocus.com/bid/22396

CVSS: 4.3 | EPSS: 55% | CPEs: 1 | EXPL: 1

Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

• ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc
• ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc
• http://fedoranews.org/cms/node/2713
• http://fedoranews.org/cms/node/2728
• http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052209.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052211.html
• http://lists.suse.com/archive/suse