CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2008-5507 – Firefox Cross-domain data theft via script redirect error message
https://notcve.org/view.php?id=CVE-2008-5507
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19, Th... • http://scary.beasts.org/security/CESA-2008-011.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 2%CPEs: 10EXPL: 0CVE-2008-5508 – Firefox errors parsing URLs with control characters
https://notcve.org/view.php?id=CVE-2008-5508
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. Mozilla Firefox 3.x en versiones anteriores 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 no analizando propiamente URLs con es... • http://secunia.com/advisories/33184 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 1%CPEs: 9EXPL: 0CVE-2008-5510 – Firefox null characters ignored by CSS parser
https://notcve.org/view.php?id=CVE-2008-5510
17 Dec 2008 — The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. El analizador CSS en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores a 1.1.14 ignora el carácter... • http://secunia.com/advisories/33184 •
CVSS: 6.1EPSS: 1%CPEs: 10EXPL: 0CVE-2008-5511 – Firefox XSS via XBL bindings to unloaded document
https://notcve.org/view.php?id=CVE-2008-5511
17 Dec 2008 — Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." Mozilla Firefox 3.x antes de v3.0.5 y 2.x antes de v2.0.0.19, Thunderbird 2.x antes 2.0.0.19 y SeaMonkey 1.x antes de v1.1.14 permite a atacantes remotos evitar la política de mismo origen y llevar a cabo ataques de secuencias de comandos ... • http://secunia.com/advisories/33184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 3%CPEs: 10EXPL: 0CVE-2008-5512 – Firefox JavaScript privilege escalation
https://notcve.org/view.php?id=CVE-2008-5512
17 Dec 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x en versiones anteriores a 3.0.5 y 2.x en versiones anteriores anteriores a 2.0.0.19, Thunderbird 2.x en versiones anteriores a 2.0.0.... • http://secunia.com/advisories/33184 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 9EXPL: 0CVE-2008-5513 – Firefox XSS vulnerabilities in SessionStore
https://notcve.org/view.php?id=CVE-2008-5513
17 Dec 2008 — Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. Vulnerabilidad no especificada en la característica session-restore en Mozilla Firefox 3.x versiones anteriores a v3.0.5 y 2.x versiones anteriores a v2.0.0.19 perm... • http://secunia.com/advisories/33184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 3%CPEs: 144EXPL: 0CVE-2008-5012 – Mozilla Image stealing via canvas and HTTP redirect
https://notcve.org/view.php?id=CVE-2008-5012
13 Nov 2008 — Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. Mozilla Firefox 2.x versiones anteriores a v2.0.0.18, Thun... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 14%CPEs: 9EXPL: 0CVE-2008-5014 – Mozilla crash and remote code execution via __proto__ tampering
https://notcve.org/view.php?id=CVE-2008-5014
13 Nov 2008 — jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. jslock.cpp en Mozilla Firefox 3.x antes de 3.0.2, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 9%CPEs: 42EXPL: 0CVE-2008-5016 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-5016
13 Nov 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. El motor de diseño en Mozilla Firefox 3.x versiones anteriores a v3.0.4, Thunderbird 2.x versiones anteriores a v2.0.0.18, y SeaMonkey 1.x versiones anteriores a v1.1.13 permite a atacantes remotos provocar una denegación de servicio (caída) a través de... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 9%CPEs: 9EXPL: 0CVE-2008-5017 – Mozilla crash with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2008-5017
13 Nov 2008 — Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors. Desbordamiento de entero en xpcom/io/nsEscape.cpp en el motor de navegación en Mozilla Firefox 3.x antes de 3.0.4, Firefox 2.x antes de 2.0.0.18, Thunderbird 2.x antes de 2.0.0.18 y SeaMonkey 1.x antes de 1.1.13 permite a atacantes rem... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-189: Numeric Errors •