CVSS: 7.1EPSS: 0%CPEs: 88EXPL: 0CVE-2009-0776 – Firefox XML data theft via RDFXMLDataSource and cross-domain redirect
https://notcve.org/view.php?id=CVE-2009-0776
05 Mar 2009 — nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. nsIRDFService de Mozilla Firefox anterior a v3.0.7, Thunderbird anterior a v2.0.0.21 y SeaMonkey anterior a v1.1.15; permite a atacantes remotos evitar la política de same-origin -mismo origen- y leer datos XML desde otro dominio a través de una redirección de dominio cruzado. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.8EPSS: 2%CPEs: 88EXPL: 0CVE-2009-0777 – Firefox URL spoofing with invisible control characters
https://notcve.org/view.php?id=CVE-2009-0777
05 Mar 2009 — Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. Mozilla Firefox en versiones anteriores a 3.0.7, Thunderbird en versiones anteriores 2.0.0.21 y SeaMonkey en versiones anteriores a 1.1.15, decodifican caracteres invisibles cuando son desplegados en la barra de ubica... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 6%CPEs: 88EXPL: 0CVE-2009-0775 – Mozilla Firefox XUL Linked Clones Double Free Vulnerability
https://notcve.org/view.php?id=CVE-2009-0775
05 Mar 2009 — Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. Vulnerabilidad de doble liberación en Mozilla Firefox anteriores a v3.0.7, Thunderbird anteriores a v2.0.0.21, y SeaMonkey anteriores a v1.1.15 permite a atacantes remotos ejecutar código a su elección a través de "el... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html • CWE-399: Resource Management Errors •
CVSS: 7.1EPSS: 2%CPEs: 88EXPL: 0CVE-2009-0652 – firefox: does not properly prevent the literal rendering of homoglyph characters in IDN domain names (spoof URLs and conduct phishing attacks)
https://notcve.org/view.php?id=CVE-2009-0652
20 Feb 2009 — The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much ... • http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html •
CVSS: 10.0EPSS: 8%CPEs: 70EXPL: 0CVE-2009-0352 – Firefox layout crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0352
04 Feb 2009 — Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function. Múltiples vulnerabilidades no especificadas en Mozilla Firefox 3.x antes de 3.0.6, Thunderbird antes de 2.0.0.21, y SeaMonkey... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 6%CPEs: 70EXPL: 0CVE-2009-0353 – Firefox javascript crashes with evidence of memory corruption
https://notcve.org/view.php?id=CVE-2009-0353
04 Feb 2009 — Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine. Vulnerabilidad sin especificar en Mozilla Firefox v3.x anterior a v3.0.6, Thunderbird anterior a v2.0.0.21, y SeaMonkey anterior a v1.1.15 permite a atacantes remotos provocar una denegación de servicio (corrupción d... • http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00001.html • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 98EXPL: 0CVE-2009-0357 – Firefox XMLHttpRequest allows reading HTTPOnly cookies
https://notcve.org/view.php?id=CVE-2009-0357
04 Feb 2009 — Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. Mozilla Firefox anterior a v3.06 y SeaMonkey anterior a v1.1.15 no restringe adecuadamente el acceso desde las páginas web a las cabeceras de respuesta HTTP (1) Set-Cookie y (2) Set-Cookie2, lo qu... • http://ha.ckers.org/blog/20070511/bluehat-errata • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.2EPSS: 0%CPEs: 58EXPL: 0CVE-2008-5913 – mozilla: in-session phishing attack
https://notcve.org/view.php?id=CVE-2008-5913
20 Jan 2009 — The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." La función Math.random en la implementación de JavaScript en Moz... • http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html •
CVSS: 10.0EPSS: 3%CPEs: 10EXPL: 0CVE-2008-5500 – Layout engine crashes - Firefox 2 and 3
https://notcve.org/view.php?id=CVE-2008-5500
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. El motor de diseño de Mozilla Firefox 3.x anterior a 3.0.5 y 2.x anterior a 2.0.0.19, Thunderbird 2.x anterior a 2.0.0.19 y SeaMonkey 1.x anterior a 1.1.14, permite a atacantes remotos provoc... • http://secunia.com/advisories/33184 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 3%CPEs: 5EXPL: 0CVE-2008-5501 – Layout engine crash - Firefox 3 only
https://notcve.org/view.php?id=CVE-2008-5501
17 Dec 2008 — The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. El motor de diseño en Mozilla Firefox 3.x en versiones anteriores 3.0.5, Thunderbird 2.x en versiones anteriores a 2.0.0.19, y SeaMonkey 1.x en versiones anteriores 1.1.14 que permite a los atacantes remotos causar una denegación de servicios a través de vectores que lanzar un fallo de evalu... • http://secunia.com/advisories/33188 •