Page 93 of 626 results (0.015 seconds)

CVSS: 7.8EPSS: 0%CPEs: 156EXPL: 0

The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. La función GeckoActiveXObject en Mozilla Firefox antes de v3.0.16 y v3.5.x antes de v3.5.6, y SeaMonkey antes de v2.0.1, genera mensajes de excepción diferentes dependiendo de si el objeto COM al que se hace referencia aparece en el registro, lo que permite obtener a atacantes remotos, información potencialmente confidencial sobre el software instalado. Esto se consigue haciendo multiples llamadas que especifican los valores de ProgID de diferentes objetos COM. • http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://securitytracker.com/id?1023346 http://securitytracker.com/id?1023347 http://www.mozilla.org/security/announce/2009/mfsa2009-71.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37360 http://www.vupen.com/english/advisories/2009/3547 https://bugzilla.mozilla.org/show_bug.cgi?id=503451 https://bugzilla.redhat.com/show_bug.cgi?id=546729 https://exchange.xforce.ibmcloud.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.3EPSS: 9%CPEs: 52EXPL: 0

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor del navegador de Mozilla Firefox v3.5.x antes de v3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permiten a atacantes remotos provocar una denegación de servicio (por corrupción de la memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://securitytracker.com/id?1023333 http://securitytracker.com/id?1023334 http://www.mozilla.org/security/announce/2009/mfsa2009-65.html http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37362 http://www.ubuntu.com/usn/USN-874-1 http:/& • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 2%CPEs: 51EXPL: 0

liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." liboggplay en Mozilla Firefox v3.5.x antes de v3.5.6 y SeaMonkey antes de v2.0.1 podría permitir a atacantes dependientes de contexto causar una denegación de servicio (por caída de la aplicación) o ejecutar código arbitrario a través de vectores no especificados, relacionados con "cuestiones de seguridad de la memoria." • http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://securitytracker.com/id?1023335 http://securitytracker.com/id?1023336 http://www.mozilla.org/security/announce/2009/mfsa2009-66.html http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37369 http://www.ubuntu.com/usn/USN-874-1 http:/& • CWE-399: Resource Management Errors •

CVSS: 9.3EPSS: 9%CPEs: 51EXPL: 0

Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. Un desbordamiento de entero en libtheora en Xiph.Org Theora antes de v1.1, tal como se utiliza en Mozilla Firefox v3.5 antes de v3.5.6 y SeaMonkey antes de v2.0.1, permite a atacantes remotos causar una denegación de servicio (mediante caída de la aplicación) o posiblemente ejecutar código arbitrario a través de un vídeo de grandes dimensiones. • http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://secunia.com/advisories/37699 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://secunia.com/advisories/39317 http://www.mandriva.com/security/advisories?name=MDVSA-2010:043 http://www.mozilla.org/security/announce/2009/mfsa2009-67.html http://www.novell.com/linux/sec • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 7%CPEs: 52EXPL: 0

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Múltiples vulnerabilidades no especificadas en el motor JavaScript en Mozilla Firefox v3.5.x antes de v3.5.6, SeaMonkey antes de v2.0.1 y Thunderbird permite a atacantes remotos provocar una denegación de servicio (mediante corrupción de memoria y bloqueo de la aplicación) o posiblemente ejecutar código arbitrario a través de vectores desconocidos. • http://secunia.com/advisories/37699 http://secunia.com/advisories/37783 http://secunia.com/advisories/37785 http://secunia.com/advisories/37856 http://secunia.com/advisories/37881 http://securitytracker.com/id?1023333 http://securitytracker.com/id?1023334 http://www.mozilla.org/security/announce/2009/mfsa2009-65.html http://www.novell.com/linux/security/advisories/2009_63_firefox.html http://www.securityfocus.com/bid/37349 http://www.securityfocus.com/bid/37364 http://www. •