Page 94 of 672 results (0.019 seconds)

CVSS: 10.0EPSS: 32%CPEs: 56EXPL: 1

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer basado en memoria dinámica en el parseador de imágenes GIF en Mozilla Firefox anteriores a v3.0.15 y v3.5.x anteriores a v3.5.4, y SeaMonkey anteriores a v2.0, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • https://www.exploit-db.com/exploits/33313 http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1 http://www.mandriva.com/security/advisories?name=MDVSA-2009:294 http://www.mozilla.org/security/announce/2009/mfsa2009-56.html http://www.vupen.com/english/advisories/2009/3334 https://bugzilla.mozilla.org/show_bug.cgi?id=511689 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10684 https://oval.cisecurity.org/repository/search/definition/oval&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. Mozilla Firefox v3.5.1, SeaMonkey v1.1.17 y Flock v2.5.1 permiten falsificar a atacantes remotos dependiendo del contexto la barra de direcciones a través de un window.open con una URI relativa, que muestra una URL de tipo File: arbitraria que una victima haya visitado anteriormente, como se demuestra visitando un documento de tipo file: escrito por el atacante. • http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html https://exchange.xforce.ibmcloud.com/vulnerabilities/53010 •

CVSS: 4.3EPSS: 0%CPEs: 79EXPL: 0

mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties. mailnews en Mozilla Thunderbird anteriores a v2.0.0.18 y SeaMonkey anteriores a v1.1.13, cuando JavaScript es habilita en correo electrónico, permite a los atacantes remotos obtener información sensible acerca del recipiente, o comentarios en correos re-enviados, a través de una secuencia de comando que lee las propiedades (1) .documentURI or (2) .textContent DOM • http://secunia.com/advisories/32714 http://secunia.com/advisories/32715 http://www.mozilla.org/security/announce/2008/mfsa2008-59.html http://www.securityfocus.com/bid/32363 http://www.securitytracker.com/id?1021247 https://bugzilla.mozilla.org/show_bug.cgi?id=458883 https://exchange.xforce.ibmcloud.com/vulnerabilities/46734 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 0

Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. Mozilla Firefox anterior a v3.5 y NSS anterior a v3.12.3 no tratan apropiadamente un carácter '\0' en un nombre de dominio en el campo nombre común (CN) del asunto de un certificado X.509, que permite a un atacante de hombre-en-el-medio suplantar servidores SSL arbitrarios a través de un certificado manipulado por una autoridad de certificación. • http://isc.sans.org/diary.html?storyid=7003 http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html http://marc.info/?l=oss-security&m=125198917018936&w=2 http://osvdb.org/56723 http://secunia.com/advisories/36088 http://secunia.com/advisories/36125 http://secunia.com/advisories/36139 http://secunia.com/advisories/36157 http://secunia.com/advisories/36434 http://secunia.com/advisories/36669 http://secunia.com/advisories/37098 http://sunsolve.sun.com • CWE-295: Improper Certificate Validation •

CVSS: 5.0EPSS: 3%CPEs: 185EXPL: 2

Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Mozilla Firefox anteriores a v2.0.0.19 y v3.x anteriores a v3.0.5, SeaMonkey y Thunderbird permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-2009-1692. • https://www.exploit-db.com/exploits/9160 http://www.exploit-db.com/exploits/9160 http://www.g-sec.lu/one-bug-to-rule-them-all.html http://www.securityfocus.com/archive/1/504969/100/0/threaded http://www.securityfocus.com/archive/1/504988/100/0/threaded http://www.securityfocus.com/archive/1/504989/100/0/threaded http://www.securityfocus.com/archive/1/505006/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=460713 • CWE-189: Numeric Errors •