CVSS: 8.8EPSS: 6%CPEs: 2EXPL: 1CVE-2008-1238 – Referrer spoofing bug
https://notcve.org/view.php?id=CVE-2008-1238
27 Mar 2008 — Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9, cuando generan las cabeceras HTTP Referer... • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 0CVE-2008-1241 – XUL popup spoofing
https://notcve.org/view.php?id=CVE-2008-1241
27 Mar 2008 — GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. Vulnerabilidad GUI overlay Mozilla Firefox versiones anteriores a 2.0.0.13 y SeaMonkey versiones anteriores a 1.1.9 permite a atacantes remotos falsificar los elementos form y redireccionar entradas de los usuarios a través de una ventana emergente borderless XUL de un tab de fondo. • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.8EPSS: 33%CPEs: 4EXPL: 0CVE-2008-0304 – thunderbird/seamonkey: MIME External-Body Heap Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2008-0304
29 Feb 2008 — Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. Desbordamiento de búfer basado en montículo en Mozilla Thunderbird antes de 2.0.0.12 y SeaMonkey antes de 1.1.8 podrían permitir a atacantes remotos ejecutar código de su elección a través de un tipo MIME "message/external-body" manipulad... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=668 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 6%CPEs: 3EXPL: 0CVE-2008-0416 – Mozilla arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-0416
12 Feb 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. Múltiples vulnerabilidades de XSS en Mozilla Firefox en versiones anteriores a 2.0.0.12, Thunderb... • http://jvn.jp/en/jp/JVN21563357/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 2%CPEs: 80EXPL: 0CVE-2008-0420 – Mozilla information disclosure flaw
https://notcve.org/view.php?id=CVE-2008-0420
12 Feb 2008 — modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers ... • http://browser.netscape.com/releasenotes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0CVE-2008-0593 – Mozilla URL token stealing flaw
https://notcve.org/view.php?id=CVE-2008-0593
09 Feb 2008 — Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. Los navegadores basados en Gecko, incluyendo Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, modifican la propiedad .href de los nodos... • http://browser.netscape.com/releasenotes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 1CVE-2008-0592 – Mozilla text file mishandling
https://notcve.org/view.php?id=CVE-2008-0592
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. Mozilla Firefox antes de 2.0.0.12 y SeaMonkey antes de 1.1.8. Permite a atacantes remotos ayudados por el usuario provocar una denegación de servicio a través del archivo plain .txt con un "disposic... • http://browser.netscape.com/releasenotes •
CVSS: 9.3EPSS: 8%CPEs: 3EXPL: 0CVE-2008-0412 – Mozilla layout engine crashes
https://notcve.org/view.php?id=CVE-2008-0412
08 Feb 2008 — The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn method... • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 6%CPEs: 3EXPL: 0CVE-2008-0413 – Mozilla javascript engine crashes
https://notcve.org/view.php?id=CVE-2008-0413
08 Feb 2008 — The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. El motor JavaScript de Mozilla Firefox versiones anteriores a 2.0.0.12, Thunderbird versiones anteriores a 2.0.0.12, y SeaMonkey versiones anteriores a 1.1.8 p... • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 2EXPL: 0CVE-2008-0414 – mozilla: multiple file input focus stealing vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0414
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, permiten a atacantes remotos con la intervención del usuario engañarle enviando archivos de su elección a través de etiquetas label que cambian el foco a un campo de entrada de archivo, también conoc... • http://browser.netscape.com/releasenotes • CWE-20: Improper Input Validation •