CVSS: 7.1EPSS: 3%CPEs: 77EXPL: 1CVE-2009-1305 – Firefox 2 and 3 JavaScript engine crash
https://notcve.org/view.php?id=CVE-2009-1305
22 Apr 2009 — The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. El motor JavaScript en Mozilla Firefox antes de 3.0.9, Thunderbird antes de 2.0.0.22, y SeaMonkey antes de 1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de la aplica... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •
CVSS: 4.3EPSS: 0%CPEs: 132EXPL: 1CVE-2009-1311 – Firefox POST data sent to wrong site when saving web page with embedded frame
https://notcve.org/view.php?id=CVE-2009-1311
22 Apr 2009 — Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. Mozilla Firefox anteriores a v3.0.9 y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos con la intervención del usuario obtener información sensible al utilizar una página web con un "frame" embebido, provoca... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.2EPSS: 0%CPEs: 58EXPL: 0CVE-2008-5913 – mozilla: in-session phishing attack
https://notcve.org/view.php?id=CVE-2008-5913
20 Jan 2009 — The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." La función Math.random en la implementación de JavaScript en Moz... • http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html •
CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0CVE-2008-0593 – Mozilla URL token stealing flaw
https://notcve.org/view.php?id=CVE-2008-0593
09 Feb 2008 — Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. Los navegadores basados en Gecko, incluyendo Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, modifican la propiedad .href de los nodos... • http://browser.netscape.com/releasenotes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 13%CPEs: 4EXPL: 0CVE-2006-6497
https://notcve.org/view.php?id=CVE-2006-6497
20 Dec 2006 — Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. Múltiples vulnerabilidades no especificadas en el motor de diseño para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a... • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc •