CVSS: 6.5EPSS: 21%CPEs: 2EXPL: 1CVE-2008-0592 – Mozilla text file mishandling
https://notcve.org/view.php?id=CVE-2008-0592
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. Mozilla Firefox antes de 2.0.0.12 y SeaMonkey antes de 1.1.8. Permite a atacantes remotos ayudados por el usuario provocar una denegación de servicio a través del archivo plain .txt con un "disposic... • http://browser.netscape.com/releasenotes •
CVSS: 7.5EPSS: 26%CPEs: 3EXPL: 1CVE-2008-0418 – Mozilla Firefox 2.0 - 'chrome://' URI JavaScript File Request Information Disclosure
https://notcve.org/view.php?id=CVE-2008-0418
08 Feb 2008 — Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. Vulnerabilidad de salto de directorio en Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, y SeaMonkey en versiones anteriores a 1.1.8, cuando usa addons "llanos", per... • https://www.exploit-db.com/exploits/31051 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 71%CPEs: 2EXPL: 0CVE-2008-0419 – Mozilla arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-0419
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, permite a los atacantes remotos robar el historial de navegación y causar una denegación de servicio (bloqueo) por medio de imágenes en una página que usa tramas d... • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 13%CPEs: 3EXPL: 0CVE-2008-0415 – Mozilla arbitrary code execution
https://notcve.org/view.php?id=CVE-2008-0415
08 Feb 2008 — Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." Mozilla Firefox versiones anteriores a 2.0.0.12, Thunderbird versiones anteriores a 2.0.0.12, y SeaMonkey versiones anteriores a 1.1.8, permiten a atacantes remotos ejecutar scripts fuera de la caja de are... • http://browser.netscape.com/releasenotes • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 46%CPEs: 3EXPL: 0CVE-2008-0413 – Mozilla javascript engine crashes
https://notcve.org/view.php?id=CVE-2008-0413
08 Feb 2008 — The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors. El motor JavaScript de Mozilla Firefox versiones anteriores a 2.0.0.12, Thunderbird versiones anteriores a 2.0.0.12, y SeaMonkey versiones anteriores a 1.1.8 p... • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors •
CVSS: 9.3EPSS: 31%CPEs: 3EXPL: 0CVE-2008-0412 – Mozilla layout engine crashes
https://notcve.org/view.php?id=CVE-2008-0412
08 Feb 2008 — The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn method... • http://browser.netscape.com/releasenotes • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 6%CPEs: 2EXPL: 0CVE-2008-0414 – mozilla: multiple file input focus stealing vulnerabilities
https://notcve.org/view.php?id=CVE-2008-0414
08 Feb 2008 — Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, permiten a atacantes remotos con la intervención del usuario engañarle enviando archivos de su elección a través de etiquetas label que cambian el foco a un campo de entrada de archivo, también conoc... • http://browser.netscape.com/releasenotes • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 5%CPEs: 2EXPL: 0CVE-2007-6589
https://notcve.org/view.php?id=CVE-2007-6589
28 Dec 2007 — The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. El manejador de protocolo jar de Mozilla Firefox anterior a 2.0.0.10 y SeaMonkey anterior a 1.1.7 no actualiza el dominio de origen cuando la recuperación del parámetro URL interno da luga... • http://blog.beford.org/?p=8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 3%CPEs: 52EXPL: 0CVE-2007-5960 – Mozilla Cross-site Request Forgery flaw
https://notcve.org/view.php?id=CVE-2007-5960
26 Nov 2007 — Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. Mozilla Firefox versiones anteriores a 2.0.0.10 y SeaMonkey versiones anteriores a 1.1.7, establece el e... • http://browser.netscape.com/releasenotes • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 95%CPEs: 66EXPL: 0CVE-2007-5959 – Multiple flaws in Firefox
https://notcve.org/view.php?id=CVE-2007-5959
26 Nov 2007 — Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. Múltiples vulnerabilidades no especificadas en Mozilla Firefox versiones anteriores a 2.0.0.10 y SeaMonkey versiones anteriores a 1.1.7 permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante v... • http://browser.netscape.com/releasenotes •