Page 96 of 535 results (0.028 seconds)

CVSS: 5.0EPSS: 3%CPEs: 185EXPL: 2

Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. Mozilla Firefox anteriores a v2.0.0.19 y v3.x anteriores a v3.0.5, SeaMonkey y Thunderbird permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y colgado de la aplicación) mediante un valor entero grande en la propiedad "length" de un objeto "Select", siendo un asunto relacionado con CVE-2009-1692. • https://www.exploit-db.com/exploits/9160 http://www.exploit-db.com/exploits/9160 http://www.g-sec.lu/one-bug-to-rule-them-all.html http://www.securityfocus.com/archive/1/504969/100/0/threaded http://www.securityfocus.com/archive/1/504988/100/0/threaded http://www.securityfocus.com/archive/1/504989/100/0/threaded http://www.securityfocus.com/archive/1/505006/100/0/threaded https://bugzilla.mozilla.org/show_bug.cgi?id=460713 • CWE-189: Numeric Errors •

CVSS: 9.3EPSS: 9%CPEs: 108EXPL: 0

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. Mozilla Thunderbird en versiones anteriores a la 2.0.0.22 y SeaMonkey en versiones anteriores a la 1.1.17 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código de su elección mediante mensaje de correo eléctronico multipart/alternative que contenga una parte text/enhanced que dispara el acceso a un tipo de objeto incorrecto. • http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35633 http://secunia.com/advisories/35882 http://securitytracker.com/id?1022433 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408 http://www.debian.org/security/2009/dsa-1830 http://www.mandriva.com/security/advisories?name=MDVSA-2009:141 http://www.mozilla.org/security/announce/2009/mfsa2009-33.html http://www.redhat.com/support/errat •

CVSS: 9.3EPSS: 1%CPEs: 202EXPL: 0

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. js/src/xpconnect/src/xpcwrappedjsclass.cpp en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anterior a v1.1.17 permite a atacantes remotos ejecutar secuencias de comandos web de forma arbitraria con los privilegios de un objeto "chrome", como se ha demostrado en la barra lateral del navegador y el FeedWriter. • http://osvdb.org/55159 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 14%CPEs: 202EXPL: 2

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar codigo arbitrario a traves de vectores que incluyen "construccion de doble marco". • http://osvdb.org/55148 http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http://securitytracker.com/id?1022376 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 1%CPEs: 202EXPL: 0

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. La implementación de la recolección de basura en Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 fija un elemento del documento del propietario a "null" en circunstancias sin especificar, lo que permite a atacantes remotos ejecutar JavaScript con privilegios chrome a traves de un manipulador de eventos manipulado, relacionado con un contexto incorrecto para este manipulador de eventos. • http://osvdb.org/55157 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http& • CWE-94: Improper Control of Generation of Code ('Code Injection') •