CVSS: 9.8EPSS: 52%CPEs: 134EXPL: 0CVE-2008-4060 – Mozilla privilege escalation via XPCnativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-4060
24 Sep 2008 — Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey antes de 1.1.12 permite a atacantes remotos crear documentos que no tienen objetos de m... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 87%CPEs: 70EXPL: 1CVE-2008-0016 – Mozilla Firefox 2.0.0.16 - UTF-8 URL Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0016
24 Sep 2008 — Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. Desbordamiento de búfer basado en pila en la implementación de análisis URL de Firefox de Mozilla antes de 2.0.0.17 y SeaMonkey antes de 1.1.12 permite a atacantes remotos ejecutar código de su elección mediante un URL UTF-8 manipulado en un enlace. • https://www.exploit-db.com/exploits/9663 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 0CVE-2008-4068 – recource: bypass
https://notcve.org/view.php?id=CVE-2008-4068
24 Sep 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey ... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 1%CPEs: 8EXPL: 0CVE-2008-3837 – mozilla: Forced mouse drag
https://notcve.org/view.php?id=CVE-2008-3837
24 Sep 2008 — Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823. Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2 y SeaMonkey antes de 1.1.12, permiten a atacantes remotos ayudados por el usuario mover una ventana durante un click de ratón y po... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ •
CVSS: 10.0EPSS: 59%CPEs: 9EXPL: 0CVE-2008-4061 – Mozilla layout engine crash
https://notcve.org/view.php?id=CVE-2008-4061
24 Sep 2008 — Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine. Desbordamiento de entero en el componente MathML de Mozilla Firefox antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-189: Numeric Errors •
CVSS: 4.8EPSS: 2%CPEs: 18EXPL: 0CVE-2008-2809 – Firefox self signed certificate flaw
https://notcve.org/view.php?id=CVE-2008-2809
08 Jul 2008 — Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. Mozilla 1.9 M8 y anteriores, Mozi... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 31%CPEs: 37EXPL: 0CVE-2008-2803 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2803
07 Jul 2008 — The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. La función mozIJSSubScriptLoader.LoadScript en Mozilla Firefox anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anter... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 79%CPEs: 37EXPL: 0CVE-2008-2802 – Firefox arbitrary JavaScript code execution
https://notcve.org/view.php?id=CVE-2008-2802
07 Jul 2008 — Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." Mozilla Firefox y versiones anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey y anteriores a 1.1.10 permiten a los atacantes remotos ejecutar código arbitrario a través de un documento XUL que incluye una secuenc... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 1%CPEs: 24EXPL: 0CVE-2008-2810 – Firefox arbitrary file disclosure
https://notcve.org/view.php?id=CVE-2008-2810
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10, no identifican correctamente el contexto de los ficheros de acceso de directo de Windows, esto permite a atacantes remotos con la ayuda del usuario evitar el Same Origin... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 77%CPEs: 24EXPL: 0CVE-2008-2801 – Firefox arbitrary signed JAR code execution
https://notcve.org/view.php?id=CVE-2008-2801
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10, no implementan de forma correcta las firmas JAR, esto permite a atacantes remotos ejecutar código de su elección mediante (1) la inyección de JavaScript en ... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-287: Improper Authentication •