CVSS: 6.5EPSS: 22%CPEs: 3EXPL: 0CVE-2007-5339
https://notcve.org/view.php?id=CVE-2007-5339
21 Oct 2007 — Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. Múltiples vulnerabilidades en el Mozilla Firefox anterior al 2.0.0.8, en el Thunderbird anterior al 2.0.0.8 y en el SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de un HTML modificado que dispara una corrup... • http://bugs.gentoo.org/show_bug.cgi?id=196481 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 16%CPEs: 3EXPL: 0CVE-2007-5340
https://notcve.org/view.php?id=CVE-2007-5340
21 Oct 2007 — Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. Múltiples vulnerabilidades en el motor de Javascript del Mozilla Firefox anterior al 2.0.0.8, del Thunderbird anterior al 2.0.0.8, y del SeaMonkey anterior al 1.1.5 permiten a atacantes remotos provocar una denegación de servicio (caída) a través de HTML modific... • http://bugs.gentoo.org/show_bug.cgi?id=196481 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 88EXPL: 0CVE-2007-4879
https://notcve.org/view.php?id=CVE-2007-4879
13 Sep 2007 — Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. Mozilla Firefox anterior a Firefox versión 2.0.0.13, y SeaMonkey anterior a versión 1.1.9, pueden instalar automáticamente certificados de cliente TLS con una... • http://0x90.eu/ff_tls_poc.html •
CVSS: 9.3EPSS: 7%CPEs: 3EXPL: 0CVE-2007-4841
https://notcve.org/view.php?id=CVE-2007-4841
12 Sep 2007 — Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. Mozilla Firefox versiones anteriores a 2.0.0.8, Thunderbird versiones anteriores a 2.0.0.8 y SeaMonkey versiones anteriores a 1.1.5, permiten a atacantes remotos ejecutar c... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 2%CPEs: 26EXPL: 1CVE-2007-3511
https://notcve.org/view.php?id=CVE-2007-3511
03 Jul 2007 — The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field. El manejo del enfoque para el evento onkeydown en Mozilla Firefox versiones 1.5.0.12, 2.0.0.0.4 y otras versiones anteriores a 2.0.0.8, y SeaMonkey versiones... • http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0646.html •
CVSS: 7.5EPSS: 44%CPEs: 25EXPL: 1CVE-2007-1362 – Mozilla Firefox 2.0.0.2 - Document.Cookie Path Argument Denial of Service
https://notcve.org/view.php?id=CVE-2007-1362
01 Jun 2007 — Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos provocar... • https://www.exploit-db.com/exploits/29720 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 27%CPEs: 45EXPL: 0CVE-2007-2867 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2867
01 Jun 2007 — Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. Múltiples vulnerabilidades en el motor de capas del Mozilla Firefox 1.5.x anterior al 1.5.0.12 y 2.x anterior al 2.0.0.4, Thunderbird 1.5.x anterior al 1.5.0.... • http://fedoranews.org/cms/node/2747 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 28%CPEs: 33EXPL: 0CVE-2007-2868
https://notcve.org/view.php?id=CVE-2007-2868
01 Jun 2007 — Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. Múltiples vulnerabilidades en el motor de JavaScript para el Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4, el Thunderbird 1.5.x anterior al 1... • http://fedoranews.org/cms/node/2747 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 5%CPEs: 18EXPL: 0CVE-2007-2870
https://notcve.org/view.php?id=CVE-2007-2870
01 Jun 2007 — Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos evitar la política del "mismo-origen" (same-origin... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 •
CVSS: 6.5EPSS: 12%CPEs: 18EXPL: 0CVE-2007-2871 – Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)
https://notcve.org/view.php?id=CVE-2007-2871
01 Jun 2007 — Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. El Mozilla Firefox 1.5.x anterior al 1.5.0.12 y el 2.x anterior al 2.0.0.4 y el SeaMonkey 1.0.9 y 1.1.2, permiten a atacantes remotos simular o esconder el "browser chrome", como el de la barra de ubicació... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 •