CVSS: 9.8EPSS: 2%CPEs: 52EXPL: 0CVE-2009-3372 – Firefox crash in proxy auto-configuration regexp parsing
https://notcve.org/view.php?id=CVE-2009-3372
29 Oct 2009 — Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. Mozilla Firefox anteriores a v3.0.15 y v3.5.x anteriores a v3.5.4, y SeaMonkey anteriores a v2.0, permite a atacantes remotos ejecutar código arbitrario a través de un expresión regular manipulada en un fichero de autoconfiguración de proxy. • http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 •
CVSS: 10.0EPSS: 13%CPEs: 56EXPL: 1CVE-2009-3373 – Mozilla Firefox 3.5.3 / SeaMonkey 1.1.17 - 'libpr0n' .GIF Parser Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-3373
29 Oct 2009 — Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en el parseador de imágenes GIF en Mozilla Firefox anteriores a v3.0.15 y v3.5.x anteriores a v3.5.4, y SeaMonkey anteriores a v2.0, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://www.exploit-db.com/exploits/33313 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 3%CPEs: 52EXPL: 0CVE-2009-3376 – Firefox download filename spoofing with RTL override
https://notcve.org/view.php?id=CVE-2009-3376
29 Oct 2009 — Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. Mozilla Firefox anteriores a v3.0.15 y v3.5.x anteriores a v3.5.4, y SeaMonkey anteriores a v2.0, no maneja adecuadamente una anulación de carácter Unicode "rig... • http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html • CWE-16: Configuration •
CVSS: 7.5EPSS: 10%CPEs: 185EXPL: 2CVE-2009-2535 – Multiple Browsers - Denial of Service
https://notcve.org/view.php?id=CVE-2009-2535
20 Jul 2009 — Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Mozilla Firefox anteriores a v2.0.0.19 y v3.x anteriores a v3.0.5, SeaMonkey y Thunderbird permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero gran... • https://www.exploit-db.com/exploits/9160 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 5%CPEs: 108EXPL: 0CVE-2009-2210 – Thunderbird mail crash
https://notcve.org/view.php?id=CVE-2009-2210
25 Jun 2009 — Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. Mozilla Thunderbird en versiones anteriores a la 2.0.0.22 y SeaMonkey en versiones anteriores a la 1.1.17 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecu... • http://secunia.com/advisories/35561 •
CVSS: 7.5EPSS: 2%CPEs: 198EXPL: 0CVE-2009-1303 – Firefox 2 and 3 Layout engine crash
https://notcve.org/view.php?id=CVE-2009-1303
22 Apr 2009 — The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. El navegador del motor en Mozilla Firefox versiones anteriores a v3.0.9, Thunderbird versiones anteriores a v2.0.0.22, y SeaMonkey versiones anteriores a v1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-16: Configuration •
CVSS: 4.3EPSS: 0%CPEs: 132EXPL: 1CVE-2009-1311 – Firefox POST data sent to wrong site when saving web page with embedded frame
https://notcve.org/view.php?id=CVE-2009-1311
22 Apr 2009 — Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. Mozilla Firefox anteriores a v3.0.9 y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos con la intervención del usuario obtener información sensible al utilizar una página web con un "frame" embebido, provoca... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 58EXPL: 0CVE-2008-5913 – mozilla: in-session phishing attack
https://notcve.org/view.php?id=CVE-2008-5913
20 Jan 2009 — The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." La función Math.random en la implementación de JavaScript en Moz... • http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 0CVE-2006-6497
https://notcve.org/view.php?id=CVE-2006-6497
20 Dec 2006 — Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. Múltiples vulnerabilidades no especificadas en el motor de diseño para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a... • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc •