
CVE-2008-0414 – mozilla: multiple file input focus stealing vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0414
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." • http://browser.netscape.com/releasenotes • CWE-20: Improper Input Validation

CVE-2008-0418 – Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure
https://notcve.org/view.php?id=CVE-2008-0418
08 Feb 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. • https://www.exploit-db.com/exploits/31051 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2008-0419 – Mozilla arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-0419
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors

CVE-2007-6589
https://notcve.org/view.php?id=CVE-2007-6589
28 Dec 2007 — The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. • http://blog.beford.org/?p=8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-5960 – Mozilla Cross-site Request Forgery flaw
https://notcve.org/view.php?id=CVE-2007-5960
26 Nov 2007 — Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. • http://browser.netscape.com/releasenotes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2007-5959 – Multiple flaws in Firefox
https://notcve.org/view.php?id=CVE-2007-5959
26 Nov 2007 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. • http://browser.netscape.com/releasenotes

CVE-2007-5947 – jar: protocol XSS
https://notcve.org/view.php?id=CVE-2007-5947
14 Nov 2007 — The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. • http://browser.netscape.com/releasenotes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-5334
https://notcve.org/view.php?id=CVE-2007-5334
21 Oct 2007 — Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-16: Configuration

CVE-2007-5337
https://notcve.org/view.php?id=CVE-2007-5337
21 Oct 2007 — Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2007-5338
https://notcve.org/view.php?id=CVE-2007-5338
21 Oct 2007 — Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-16: Configuration CWE-264: Permissions, Privileges, and Access Controls