CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0CVE-2009-2408 – firefox/nss: doesn't handle NULL in Common Name properly
https://notcve.org/view.php?id=CVE-2009-2408
30 Jul 2009 — Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v... • http://isc.sans.org/diary.html?storyid=7003 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 3%CPEs: 185EXPL: 2CVE-2009-2535 – Multiple Browsers - Denial of Service
https://notcve.org/view.php?id=CVE-2009-2535
20 Jul 2009 — Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Mozilla Firefox anteriores a v2.0.0.19 y v3.x anteriores a v3.0.5, SeaMonkey y Thunderbird permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero gran... • https://www.exploit-db.com/exploits/9160 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 97%CPEs: 32EXPL: 14CVE-2009-0689 – K-Meleon 1.5.3 - Remote Array Overrun
https://notcve.org/view.php?id=CVE-2009-0689
01 Jul 2009 — Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision v... • https://www.exploit-db.com/exploits/10186 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 9%CPEs: 108EXPL: 0CVE-2009-2210 – Thunderbird mail crash
https://notcve.org/view.php?id=CVE-2009-2210
25 Jun 2009 — Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. Mozilla Thunderbird en versiones anteriores a la 2.0.0.22 y SeaMonkey en versiones anteriores a la 1.1.17 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecu... • http://secunia.com/advisories/35561 •
CVSS: 6.5EPSS: 20%CPEs: 132EXPL: 2CVE-2009-1834 – Mozilla Firefox 3.0.10 / SeaMonkey 1.1.16 - Address Bar URI Spoofing
https://notcve.org/view.php?id=CVE-2009-1834
12 Jun 2009 — Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. Vulnerabilidad de truncado visual en netwerk/dns/src/nsIDNService.cpp en Mozilla Firefox anterior a v3.0.11 y SeaMonkey anterior a v1.1.17 permite a atacantes remotos sustituir la barra de direccione... • https://www.exploit-db.com/exploits/33039 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 29%CPEs: 202EXPL: 4CVE-2009-1833 – Firefox JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1833
12 Jun 2009 — The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. El motor JavaScript en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a ata... • http://osvdb.org/55152 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 202EXPL: 0CVE-2009-1838 – Firefox arbitrary code execution flaw
https://notcve.org/view.php?id=CVE-2009-1838
12 Jun 2009 — The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. La implementación de la recolección de basura en Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anterio... • http://osvdb.org/55157 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 132EXPL: 2CVE-2009-1835 – file: resources
https://notcve.org/view.php?id=CVE-2009-1835
12 Jun 2009 — Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. Mozilla Firefox anteriores a v3.0.11 y SeaMonkey anteriores a v1.1.17 asocian documentos locales con un dominio de nombres externo localizado después de la subcadena "file://" en una UR... • http://osvdb.org/55161 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 202EXPL: 0CVE-2009-1841 – Firefox JavaScript arbitrary code execution
https://notcve.org/view.php?id=CVE-2009-1841
12 Jun 2009 — js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. js/src/xpconnect/src/xpcwrappedjsclass.cpp en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anterior a v1.1.17 permite a atacantes remotos ejecutar secuencias de comandos web de forma arb... • http://osvdb.org/55159 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 13%CPEs: 202EXPL: 2CVE-2009-1832 – Firefox double frame construction flaw
https://notcve.org/view.php?id=CVE-2009-1832
12 Jun 2009 — Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar co... • http://osvdb.org/55148 • CWE-94: Improper Control of Generation of Code ('Code Injection') •