CVSS: 6.8EPSS: 4%CPEs: 6EXPL: 0CVE-2007-0780
https://notcve.org/view.php?id=CVE-2007-0780
26 Feb 2007 — browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. browser.js en Mozilla Firefox 1.5.x versiones anteriores a 1.5.0.10 y 2.x versiones anteriores a 2.0.0.2, y SeaMonkey versiones anteriores a 1.0.8, usa la UR... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 6%CPEs: 7EXPL: 0CVE-2007-0778
https://notcve.org/view.php?id=CVE-2007-0778
26 Feb 2007 — The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache. La característica caché de página en Mozilla Firefox versiones anteriores a 1.5.0.10 y 2.x versiones anteriores a 2.0.0.2, y SeaMonkey versiones anteriores a 1.0.8 puede... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 16%CPEs: 47EXPL: 0CVE-2007-0779
https://notcve.org/view.php?id=CVE-2007-0779
26 Feb 2007 — GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. Vulnerabilidad de superposición del IGU (Interfaz Gráfica de Usuario) en Mozilla Firefox 1.5.x anterior a 1.5.0.10 y 2.x anterior a 2.0.0.2, y SeaMonkey anterior a 1.0.8 permite a atacantes remotos suplantar de... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc •
CVSS: 9.8EPSS: 96%CPEs: 86EXPL: 0CVE-2007-0008 – NSS: SSLv2 protocol buffer overflows
https://notcve.org/view.php?id=CVE-2007-0008
26 Feb 2007 — Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Un subdesbordamiento de enteros en el sopor... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 94%CPEs: 7EXPL: 0CVE-2007-0777
https://notcve.org/view.php?id=CVE-2007-0777
26 Feb 2007 — The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption. El motor JavaScript de Mozilla Firefox anterior a 1.5.0.10 y 2.x anterior a 2.0.0.2, Thunderbird anterior a 1.5.0.10, y SeaMonkey anterior a 1.0.8 permite a atacantes remotos provocar una denegación de servicio (caída) y posib... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 92%CPEs: 3EXPL: 0CVE-2007-0776
https://notcve.org/view.php?id=CVE-2007-0776
26 Feb 2007 — Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. Un Desbordamiento de búfer en la región heap de la memoria en la función _cairo_pen_init en Mozilla Firefox versión 2.x anterior a 2.0.0.2, Thunderbird anterior a la versión 1.5.0.10, y SeaMonkey anterior a versión 1.0.8 permite a lo... • http://fedoranews.org/cms/node/2713 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 32%CPEs: 4EXPL: 0CVE-2007-0995
https://notcve.org/view.php?id=CVE-2007-0995
26 Feb 2007 — Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions. Mozilla Firefox anterior a 1.5.0.10 y 2.x anterior a 2.0.0.2, y SeaMonkey anterior a 1.0.8 ignoran el tratamiento de caracteres HTML inválidos en nombres de atributo, lo cual permite a atacantes remotos evitar filtros de contenido que usan expresiones regulares. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 95%CPEs: 44EXPL: 0CVE-2007-0775
https://notcve.org/view.php?id=CVE-2007-0775
26 Feb 2007 — Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors. Múltiples vulnerabilidades no especificadas en el motor de diseño en Mozilla Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, Thunderbird anterior a versión 1.5.0.10 y SeaMonkey anterior a versión 1... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc •
CVSS: 9.8EPSS: 92%CPEs: 3EXPL: 1CVE-2007-1092
https://notcve.org/view.php?id=CVE-2007-1092
26 Feb 2007 — Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. Mozilla Firefox 1.5.0.9 y 2.0.0.1, y SeaMonkey versiones anteriores a 1.0.8 permite a atacantes remotos ejecutar código de su elección mediante gestores Javascript onUnload que modifican la estructura de un documento, lo cual dispara c... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc •
CVSS: 6.8EPSS: 61%CPEs: 75EXPL: 0CVE-2007-1095
https://notcve.org/view.php?id=CVE-2007-1095
26 Feb 2007 — Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. Mozilla Firefox anterior a versión 2.0.0.8 y SeaMonkey anterior a versión 1.1.5, no implementan apropiadamente los manejadores onUnload de JavaScript, lo que permite a los atacantes remotos ejecutar cierto código JavaScript y acceder ... • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 •