CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2008-0593 – Mozilla URL token stealing flaw
https://notcve.org/view.php?id=CVE-2008-0593
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. Los navegadores basados en Gecko, incluyendo Mozilla Firefox versiones anteriores a 2.0.0.12 y SeaMonkey versiones anteriores a 1.1.8, modifican la propiedad .href de los nodos DOM de la hoja de estilo al URI final de un redireccionamiento 302, que podría permitir a los atacantes remotos omitir la Política del Mismo Origen y leer información confidencial de la dirección URL original, como con los sistemas de Single-Signon. • http://browser.netscape.com/releasenotes http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html http://secunia.com/advisories/28754 http://secunia.com/advisories/28758 http://secunia.com/advisories/28766 http://secunia.com/advisories/28815 http://secunia.com/advisories/28818 http://secunia.com/advisories/28839 http://secunia.com/advisories/28864 http://secunia.com/advisories/28865 http://secunia.com/advisories/28877 http://secunia.com/advisories/28879 http:/& • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 79%CPEs: 4EXPL: 0CVE-2006-6497
https://notcve.org/view.php?id=CVE-2006-6497
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. Múltiples vulnerabilidades no especificadas en el motor de diseño para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permiten a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída) y posiblemente ejecutar código de su elección mediante vectores de ataque desconocidos. • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc http://fedoranews.org/cms/node/2297 http://fedoranews.org/cms/node/2338 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://rhn.redhat.com/errata/RHSA-2006-0758.html http://rhn.redhat.com/errata/RHSA-2006-0759.html http://rhn.redhat.com/errata/RHSA-2006-0760.html http://secunia.com/advisories/23282 http://secunia.com/advisories/23420 http://secunia.com/advisories& •