
CVE-2008-2806
https://notcve.org/view.php?id=CVE-2008-2806
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation

CVE-2008-2800 – Firefox XSS attacks
https://notcve.org/view.php?id=CVE-2008-2800
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-2799 – Firefox javascript arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-2799
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors

CVE-2008-2798 – Firefox malformed web content flaws
https://notcve.org/view.php?id=CVE-2008-2798
07 Jul 2008 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors

CVE-2008-2805 – Firefox arbitrary file disclosure
https://notcve.org/view.php?id=CVE-2008-2805
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-20: Improper Input Validation

CVE-2008-2807 – Firefox .properties memory leak
https://notcve.org/view.php?id=CVE-2008-2807
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-401: Missing Release of Memory after Effective Lifetime

CVE-2008-2808 – Firefox file location escaping flaw
https://notcve.org/view.php?id=CVE-2008-2808
07 Jul 2008 — Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-2811 – Firefox block reflow flaw
https://notcve.org/view.php?id=CVE-2008-2811
07 Jul 2008 — The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. • http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html • CWE-399: Resource Management Errors

CVE-2008-2785 – Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2008-2785
19 Jun 2008 — Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. • http://blog.mozilla.com/security/2008/06/18/new-security-issue-under-investigation • CWE-189: Numeric Errors

CVE-2008-1380 – Firefox JavaScript garbage collection crash
https://notcve.org/view.php?id=CVE-2008-1380
17 Apr 2008 — The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html • CWE-399: Resource Management Errors