Page 75 of 692 results (0.032 seconds)

CVSS: 5.1EPSS: 1%CPEs: 251EXPL: 1

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. Vulnerabilidad de salto de directorio en Mozilla Firefox anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10, y SeaMonkey anterior a v2.0.14 en Windows permite a atacantes remotos determinar la existencia de ficheros arbitrarios, y posiblemente cargar recursos mediante vectores que comprenden un recurso: URL. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-16.html https://bugzilla.mozilla.org/show_bug.cgi?id=624764 https://oval.cisecurity.org/repository/search/ • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.1EPSS: 0%CPEs: 164EXPL: 1

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. Mozilla Firefox v3.5.19 y v3.6.x anterior a v3.6.17, y SeaMonkey anterior a v2.0.14, no implementa adecuadamente el autocompletado de formularios, permitiendo a atacantes remotos leer las entradas del historial de formularios a través de un applet de Java que falsifica la interacción con los controles de autocompletado. • http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mozilla.org/security/announce/2011/mfsa2011-14.html https://bugzilla.mozilla.org/show_bug.cgi?id=527935 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14523 https://access.redhat • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 18%CPEs: 176EXPL: 1

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19, v3.6.x anterior a v3.6.17, y v4.x anterior a v4.0.1; Thunderbird anterior a v3.1.10; y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0070. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus. •

CVSS: 10.0EPSS: 20%CPEs: 163EXPL: 0

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. Vulnerabilidad no especificada en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos, una vulnerabilidad diferente de CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, y CVE-2011 0078. • http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/announce/2011/mfsa2011-12.html http://www.securityfocus.com/bid/47647 https& •

CVSS: 10.0EPSS: 59%CPEs: 163EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Multiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x anterior a v3.5.19 y v3.6.x anterior a v3.6.17, Thunderbird anterior a v.3.1.10 y SeaMonkey anterior a v2.0.14 permite a atacantes remotos generar una denegación de servicio (corrupción de memoria y caída de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird http://downloads.avaya.com/css/P8/documents/100134543 http://downloads.avaya.com/css/P8/documents/100144158 http://www.debian.org/security/2011/dsa-2227 http://www.debian.org/security/2011/dsa-2228 http://www.debian.org/security/2011/dsa-2235 http://www.mandriva.com/security/advisories?name=MDVSA-2011:079 http://www.mandriva.com/security/advisories?name=MDVSA-2011:080 http://www.mozilla.org/security/ •