CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2008-4068 – recource: bypass
https://notcve.org/view.php?id=CVE-2008-4068
24 Sep 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI. Vulnerabilidad de salto de directorio en Firefox de Mozilla antes de 2.0.0.17 y 3.x antes de 3.0.2, Thunderbird antes de 2.0.0.17, y SeaMonkey ... • http://download.novell.com/Download?buildid=WZXONb-tqBw~ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 2%CPEs: 18EXPL: 0CVE-2008-2809 – Firefox self signed certificate flaw
https://notcve.org/view.php?id=CVE-2008-2809
08 Jul 2008 — Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. Mozilla 1.9 M8 y anteriores, Mozi... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 9%CPEs: 37EXPL: 0CVE-2008-2798 – Firefox malformed web content flaws
https://notcve.org/view.php?id=CVE-2008-2798
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. Múltiples vulnerabilidades en Mozilla Firefox anterior a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores y SeaMonkey anterior 1.1.10, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y p... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 8%CPEs: 37EXPL: 0CVE-2008-2799 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2799
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Múltiples vulnerabilidades no especificadas en versiones de Mozilla Firefox anteriores a la 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anteriores a la 1.1.10, que permiten a los atacantes remotos causa... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 2%CPEs: 24EXPL: 0CVE-2008-2800 – Firefox XSS attacks
https://notcve.org/view.php?id=CVE-2008-2800
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest. Mozilla Firefox anteriores a 2.0.0.15 y SeaMonkey anterior a 1.1.10, permite a atacantes remotos saltar el Same Origin Policy y conducir un ataque de secu... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 4%CPEs: 24EXPL: 0CVE-2008-2801 – Firefox arbitrary signed JAR code execution
https://notcve.org/view.php?id=CVE-2008-2801
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10, no implementan de forma correcta las firmas JAR, esto permite a atacantes remotos ejecutar código de su elección mediante (1) la inyección de JavaScript en ... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 6%CPEs: 37EXPL: 0CVE-2008-2802 – Firefox arbitrary JavaScript code execution
https://notcve.org/view.php?id=CVE-2008-2802
07 Jul 2008 — Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." Mozilla Firefox y versiones anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey y anteriores a 1.1.10 permiten a los atacantes remotos ejecutar código arbitrario a través de un documento XUL que incluye una secuenc... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 6%CPEs: 37EXPL: 0CVE-2008-2803 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2803
07 Jul 2008 — The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. La función mozIJSSubScriptLoader.LoadScript en Mozilla Firefox anteriores a 2.0.0.15, Thunderbird 2.0.0.14 y anteriores, y SeaMonkey anter... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 24EXPL: 0CVE-2008-2805 – Firefox arbitrary file disclosure
https://notcve.org/view.php?id=CVE-2008-2805
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. Mozilla Firefox anterior a 2.0.0.15 y SeaMonkey anterior a 1.1.10 , permiten a atacantes remotos forzar la subida de ficheros locales desde un ordenador cliente, mediante los vectores que incluyen originalTarget y DOM Range. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 0CVE-2008-2807 – Firefox .properties memory leak
https://notcve.org/view.php?id=CVE-2008-2807
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file. Mozilla Firefox y versiones anteriores a la 2.0.0.15 y SeaMonkey y versiones anteriores a la 1.1.10 que no gestionan correctamente una propiedad inválida de un fichero para un complemento, el cual permite a los atacantes remot... • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-401: Missing Release of Memory after Effective Lifetime •