CVSS: 9.3EPSS: 1%CPEs: 202EXPL: 0CVE-2009-1841 – Firefox JavaScript arbitrary code execution
https://notcve.org/view.php?id=CVE-2009-1841
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. js/src/xpconnect/src/xpcwrappedjsclass.cpp en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anterior a v1.1.17 permite a atacantes remotos ejecutar secuencias de comandos web de forma arbitraria con los privilegios de un objeto "chrome", como se ha demostrado en la barra lateral del navegador y el FeedWriter. • http://osvdb.org/55159 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 1%CPEs: 202EXPL: 2CVE-2009-1836 – Firefox SSL tampering via non-200 responses to proxy CONNECT requests
https://notcve.org/view.php?id=CVE-2009-1836
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 utilizan la cabecera HTTP del servidor para determinar el contexto de un documento facilitado mediante una respuesta CONNECT no 200 desde un servidor proxy, lo que permite a atacantes "man-in-the-middle" ejecutar secuencias de comandos web arbitrarios mediante la modificación de la respuesta CONNECT, también conocido como ataque "forzado SSL". • http://osvdb.org/55160 http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 • CWE-287: Improper Authentication •
CVSS: 9.3EPSS: 14%CPEs: 202EXPL: 4CVE-2009-1833 – Firefox JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1833
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. El motor JavaScript en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar codigo arbitrario a traves de vectores relacionados con (1) js_LeaveSharpObject, (2) ParseXMLSource, y (3) una cierta aserción en jsinterp.c; y otros vectores. • http://osvdb.org/55152 http://osvdb.org/55153 http://osvdb.org/55154 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 14%CPEs: 202EXPL: 2CVE-2009-1832 – Firefox double frame construction flaw
https://notcve.org/view.php?id=CVE-2009-1832
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar codigo arbitrario a traves de vectores que incluyen "construccion de doble marco". • http://osvdb.org/55148 http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http://securitytracker.com/id?1022376 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 1%CPEs: 202EXPL: 0CVE-2009-1838 – Firefox arbitrary code execution flaw
https://notcve.org/view.php?id=CVE-2009-1838
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. La implementación de la recolección de basura en Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 fija un elemento del documento del propietario a "null" en circunstancias sin especificar, lo que permite a atacantes remotos ejecutar JavaScript con privilegios chrome a traves de un manipulador de eventos manipulado, relacionado con un contexto incorrecto para este manipulador de eventos. • http://osvdb.org/55157 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http& • CWE-94: Improper Control of Generation of Code ('Code Injection') •