CVE-2009-1302 – Firefox 3 Layout engine crashes
https://notcve.org/view.php?id=CVE-2009-1302
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. El motor del navegador Mozilla Firefox v3.x anteriores a la v3.0.9, Thunderbird anteriores a la v2.0.0.22, y SeaMonkey anteriores a v1.1.16 permite a atacantes remotos producir una denegación de servicio (caída de aplicación) y posiblemente inicia una corrupción de memoria a través de vectores relacionados con (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) caso de pueba xslt_attributeset_ImportSameName.html para el compilador XSLT stylesheet , (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate y nsEditor::EndUpdateViewBatch, y (8) gfxSkipCharsIterator::SetOffsets, y otros vectores. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35602 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 http://www.debian.org/security/2009/dsa-1797 http://www.debian.org/security/2009/dsa • CWE-399: Resource Management Errors •
CVE-2009-1304 – Firefox 3 JavaScript engine crashes
https://notcve.org/view.php?id=CVE-2009-1304
The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration. El motor JavaScript en Mozilla Firefox v3.x en anteriores a v3.0.9, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.16 permite a atacantes remotos producir una denegación de servicio (caída de aplicación) y posiblemente iniciar una corrupción de memoria a través de vectores relacionados con (1) js_FindPropertyHelper, relacionado con las definiciones de "Math" y "Date"; (2) js_CheckRedeclaration. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35602 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1 http://www.debian.org/security/2009/dsa-1797 http://www.mandriva.com/security/advisories& • CWE-399: Resource Management Errors •
CVE-2009-1305 – Firefox 2 and 3 JavaScript engine crash
https://notcve.org/view.php?id=CVE-2009-1305
The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. El motor JavaScript en Mozilla Firefox antes de 3.0.9, Thunderbird antes de 2.0.0.22, y SeaMonkey antes de 1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente disparar una corrupción de memoria mediante vectores en relación con JSOP_DEFVAR y con las propiedades que carecen del atributo JSPROP_PERMANENT. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35536 http://secunia.com/advisories/35602 http://sunsolve.sun.com/search • CWE-399: Resource Management Errors •
CVE-2009-1303 – Firefox 2 and 3 Layout engine crash
https://notcve.org/view.php?id=CVE-2009-1303
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. El navegador del motor en Mozilla Firefox versiones anteriores a v3.0.9, Thunderbird versiones anteriores a v2.0.0.22, y SeaMonkey versiones anteriores a v1.1.16 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) y posiblemente disparar corrupción de memoria a través de vectores relacionados con nsSVGElement::BindToTre. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34780 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35536 http://secunia.com/advisories/35602 http://sunsolve.sun.com/search • CWE-16: Configuration •
CVE-2009-1311 – Firefox POST data sent to wrong site when saving web page with embedded frame
https://notcve.org/view.php?id=CVE-2009-1311
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. Mozilla Firefox anteriores a v3.0.9 y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos con la intervención del usuario obtener información sensible al utilizar una página web con un "frame" embebido, provocando que una operación "POST" desde una página externa sea enviada al "frame" contenido en la URL al realizar un almacenamiento "SAVEMODE_FILEONLY" del "frame" contenido. • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://rhn.redhat.com/errata/RHSA-2009-0437.html http://secunia.com/advisories/34758 http://secunia.com/advisories/34843 http://secunia.com/advisories/34844 http://secunia.com/advisories/34894 http://secunia.com/advisories/35042 http://secunia.com/advisories/35065 http://secunia.com/advisories/35561 http://secunia.com/advisories/35882 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •