CVSS: 9.1EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5508 – Firefox errors parsing URLs with control characters
https://notcve.org/view.php?id=CVE-2008-5508
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. Mozilla Firefox 3.x en versiones anteriores 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 no analizando propiamente URLs con es... • http://secunia.com/advisories/33184 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 0CVE-2008-5501 – Layout engine crash - Firefox 3 only
https://notcve.org/view.php?id=CVE-2008-5501
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. El motor de diseño en Mozilla Firefox 3.x en versiones anteriores 3.0.5, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 que permite a los atacantes remotos causar una denegación de servicios a través de vectores que lanzar un fallo de evalu... • http://secunia.com/advisories/33188 •
CVSS: 9.1EPSS: 2%CPEs: 9EXPL: 0CVE-2008-5510 – Firefox null characters ignored by CSS parser
https://notcve.org/view.php?id=CVE-2008-5510
17 Dec 2008 — The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. El analizador CSS en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 ignora el carácter... • http://secunia.com/advisories/33184 •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5512 – Firefox JavaScript privilege escalation
https://notcve.org/view.php?id=CVE-2008-5512
17 Dec 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores anteriores a 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.... • http://secunia.com/advisories/33184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2008-5500 – Layout engine crashes - Firefox 2 and 3
https://notcve.org/view.php?id=CVE-2008-5500
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. El motor de diseño de Mozilla Firefox 3.x anterior a 3.0.5 y 2.x anterior a 2.0.0.19, Thunderbird 2.x anterior a 2.0.0.19 y SeaMonkey 1.x anterior a 1.1.14, permite a atacantes remotos provoc... • http://secunia.com/advisories/33184 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 9EXPL: 0CVE-2008-5513 – Firefox XSS vulnerabilities in SessionStore
https://notcve.org/view.php?id=CVE-2008-5513
17 Dec 2008 — Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. Vulnerabilidad no especificada en la característica session-restore en Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19 perm... • http://secunia.com/advisories/33184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 19%CPEs: 9EXPL: 0CVE-2008-5018 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-5018
13 Nov 2008 — The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. El motor JavaScript en Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18, y SeaMonkey 1.x antes de 1.1.13, permite a atacantes remotos provocar una denegación de servicio (cra... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 2%CPEs: 8EXPL: 0CVE-2008-5023 – Mozilla -moz-binding property bypasses security checks on codebase principals
https://notcve.org/view.php?id=CVE-2008-5023
13 Nov 2008 — Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file. Firefox 3.x antes de v3.0.4, Firefox 2.x antes de v2.0.0.18 y SeaMonkey 1.x antes de v1.1.13 permite a atacantes remotos evitar los mecanismos de protección para "codebase principals" y ejecutar secuencias de comandos de su elección mediante la propiedad -m... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 1CVE-2008-5024 – Mozilla parsing error in E4X default namespace
https://notcve.org/view.php?id=CVE-2008-5024
13 Nov 2008 — Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document. Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18, Y SeaMonkey 1.x antes de 1.1.13 no escapan de manera apropiada los caracteres usados para el procesamiento X... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-91: XML Injection (aka Blind XPath Injection) •
CVSS: 10.0EPSS: 16%CPEs: 9EXPL: 0CVE-2008-5017 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-5017
13 Nov 2008 — Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. Desbordamiento de entero en xpcom/io/nsEscape.cpp en el motor de navegación en Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18 y SeaMonkey 1.x antes de 1.1.13 permite a atacantes rem... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-189: Numeric Errors •