CVSS: 7.5EPSS: 4%CPEs: 54EXPL: 0CVE-2008-5503 – Firefox 2 Information stealing via loadBindingDocument
https://notcve.org/view.php?id=CVE-2008-5503
17 Dec 2008 — The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. La función loadBindingDocument en Mozilla Firefox 2.x antes de v2.0.0.19, Thunderbird 2.x antes de v2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 no realiza ninguna comprobación de seguridad relacionada con l... • http://secunia.com/advisories/33184 •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5506 – Firefox XMLHttpRequest 302 response disclosure
https://notcve.org/view.php?id=CVE-2008-5506
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Thunderbird 2.x versiones an... • http://secunia.com/advisories/33184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 4%CPEs: 5EXPL: 0CVE-2008-5502 – JavaScript engine crash - Firefox 3 only
https://notcve.org/view.php?id=CVE-2008-5502
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions. El motor de diseño en Mozilla Firefox 3.x antes de v3.0.5, Thunderbird 2.x antes de v2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 permite a atacantes remotos provocar una denegación de servicio (caída) mediante vectores que disparan... • http://secunia.com/advisories/33188 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-5507 – Firefox Cross-domain data theft via script redirect error message
https://notcve.org/view.php?id=CVE-2008-5507
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Th... • http://scary.beasts.org/security/CESA-2008-011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5508 – Firefox errors parsing URLs with control characters
https://notcve.org/view.php?id=CVE-2008-5508
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. Mozilla Firefox 3.x en versiones anteriores 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 no analizando propiamente URLs con es... • http://secunia.com/advisories/33184 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 0CVE-2008-5501 – Layout engine crash - Firefox 3 only
https://notcve.org/view.php?id=CVE-2008-5501
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. El motor de diseño en Mozilla Firefox 3.x en versiones anteriores 3.0.5, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 que permite a los atacantes remotos causar una denegación de servicios a través de vectores que lanzar un fallo de evalu... • http://secunia.com/advisories/33188 •
CVSS: 9.1EPSS: 2%CPEs: 9EXPL: 0CVE-2008-5510 – Firefox null characters ignored by CSS parser
https://notcve.org/view.php?id=CVE-2008-5510
17 Dec 2008 — The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. El analizador CSS en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 ignora el carácter... • http://secunia.com/advisories/33184 •
CVSS: 6.8EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5512 – Firefox JavaScript privilege escalation
https://notcve.org/view.php?id=CVE-2008-5512
17 Dec 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores anteriores a 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.... • http://secunia.com/advisories/33184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 2%CPEs: 10EXPL: 0CVE-2008-5500 – Layout engine crashes - Firefox 2 and 3
https://notcve.org/view.php?id=CVE-2008-5500
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. El motor de diseño de Mozilla Firefox 3.x anterior a 3.0.5 y 2.x anterior a 2.0.0.19, Thunderbird 2.x anterior a 2.0.0.19 y SeaMonkey 1.x anterior a 1.1.14, permite a atacantes remotos provoc... • http://secunia.com/advisories/33184 • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 1%CPEs: 9EXPL: 0CVE-2008-5513 – Firefox XSS vulnerabilities in SessionStore
https://notcve.org/view.php?id=CVE-2008-5513
17 Dec 2008 — Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. Vulnerabilidad no especificada en la característica session-restore en Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19 perm... • http://secunia.com/advisories/33184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •