CVSS: 8.2EPSS: 2%CPEs: 144EXPL: 0CVE-2008-5012 – Mozilla Image stealing via canvas and HTTP redirect
https://notcve.org/view.php?id=CVE-2008-5012
13 Nov 2008 — Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not directly accessible to the attacker. NOTE: this issue can be leveraged to enumerate software on the client by performing redirections related to moz-icon. Mozilla Firefox 2.x versiones anteriores a v2.0.0.18, Thun... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 55%CPEs: 91EXPL: 0CVE-2008-5013 – Mozilla Firefox Flash Player Dynamic Module Unloading Vulnerability
https://notcve.org/view.php?id=CVE-2008-5013
12 Nov 2008 — Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. Mozilla Firefox 2.x antes de 2.0.0.18 y SeaMonkey 1.x antes de 1.1.13 no comprueba correctamente cuando se ha descargado dinámicamente el módulo Flash, lo ... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 75%CPEs: 22EXPL: 0CVE-2008-5021 – Mozilla Firefox Input Box Type Property Dangling Pointer Vulnerability
https://notcve.org/view.php?id=CVE-2008-5021
12 Nov 2008 — nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying properties of a file input element while it is still being initialized, then using the blur method to access uninitialized memory. nsFrameManager en Firefox v3.x antes de la v3.0.4, Firefox v2.x antes de la v2.0.0.18, Thunderbird 2.x antes de la v2.0.0.18, y SeaMo... • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00004.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 6%CPEs: 48EXPL: 1CVE-2008-4582 – Mozilla Firefox 3.0.3 - Internet Shortcut Same Origin Policy Violation
https://notcve.org/view.php?id=CVE-2008-4582
15 Oct 2008 — Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referen... • https://www.exploit-db.com/exploits/32466 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 5%CPEs: 72EXPL: 1CVE-2008-4070 – Thunderbird cancelled newsgrop messages
https://notcve.org/view.php?id=CVE-2008-4070
27 Sep 2008 — Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages." Desbordamiento de búfer basado en montículo en Mozilla Thunderbird antes de v2.0.0.17 y SeaMonkey antes de v1.1.12 permite a atacantes remotos causar denegación de servicio (caída de aplicació... • http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00005.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 2%CPEs: 10EXPL: 2CVE-2008-4067 – resource: traversal vulnerability
https://notcve.org/view.php?id=CVE-2008-4067
24 Sep 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla anterior a 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 en Linux permite a atacantes remotos leer archivos de su elección... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 94%CPEs: 9EXPL: 1CVE-2008-4065 – Mozilla BOM characters stripped from JavaScript before execution
https://notcve.org/view.php?id=CVE-2008-4065
24 Sep 2008 — Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug." Firefox de Mozilla antes de 2.0.0.17 y 3.x anterior a 3.0.2, Thunderbird anterior a 2.0.0.17 y SeaMonkey anterior a 1.1.12 permite a atacantes remotos evitar los mecan... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 70EXPL: 0CVE-2008-4069 – Mozilla XBM decoder information disclosure
https://notcve.org/view.php?id=CVE-2008-4069
24 Sep 2008 — The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. El decodificador XBM de Firefox de Mozilla antes del 2.0.0.17 y SeaMonkey anterior a 1.1.12 permite a atacantes remotos leer memoria no inicializada y posiblemente obtener información sensible en circunstancias oportunas mediante un archivo de imagen XBM manipulado. • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 17%CPEs: 9EXPL: 0CVE-2008-4058 – Mozilla privilege escalation via XPCnativeWrapper pollution
https://notcve.org/view.php?id=CVE-2008-4058
24 Sep 2008 — The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. El componente XPConnect en Mozilla Firefox antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17 y SeaMonkey before 1.1.12 permite a atacantes remotos "contaminar XPCNativeWrappers" y ejecutar cód... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 132EXPL: 0CVE-2008-3835 – mozilla: nsXMLDocument:: OnChannelRedirect() same-origin violation
https://notcve.org/view.php?id=CVE-2008-3835
24 Sep 2008 — The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. La función nsXMLDocument::OnChannelRedirect en Firefox de Mozilla antes de 2.0.0.17, Thunderbird antes de 2.0.0.17 y SeaMonkey antes de 1.1.12 permite a atacantes remotos evitar "Same Origin Policy (Política de Mismo Origen)" y ejecutar código javaScript de... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-264: Permissions, Privileges, and Access Controls •