Page 98 of 686 results (0.026 seconds)

CVSS: 9.3EPSS: 9%CPEs: 108EXPL: 0

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type. Mozilla Thunderbird en versiones anteriores a la 2.0.0.22 y SeaMonkey en versiones anteriores a la 1.1.17 permiten a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código de su elección mediante mensaje de correo eléctronico multipart/alternative que contenga una parte text/enhanced que dispara el acceso a un tipo de objeto incorrecto. • http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35633 http://secunia.com/advisories/35882 http://securitytracker.com/id?1022433 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408 http://www.debian.org/security/2009/dsa-1830 http://www.mandriva.com/security/advisories?name=MDVSA-2009:141 http://www.mozilla.org/security/announce/2009/mfsa2009-33.html http://www.redhat.com/support/errat •

CVSS: 9.3EPSS: 1%CPEs: 202EXPL: 0

js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. js/src/xpconnect/src/xpcwrappedjsclass.cpp en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anterior a v1.1.17 permite a atacantes remotos ejecutar secuencias de comandos web de forma arbitraria con los privilegios de un objeto "chrome", como se ha demostrado en la barra lateral del navegador y el FeedWriter. • http://osvdb.org/55159 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 14%CPEs: 202EXPL: 2

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegacion de servicio (corrupcion de servicio y caida de aplicacion) o posiblemente ejecutar codigo arbitrario a traves de vectores que incluyen "construccion de doble marco". • http://osvdb.org/55148 http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http://securitytracker.com/id?1022376 http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 1%CPEs: 202EXPL: 0

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. La implementación de la recolección de basura en Mozilla Firefox anteriores a v3.0.11, Thunderbird anteriores a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 fija un elemento del documento del propietario a "null" en circunstancias sin especificar, lo que permite a atacantes remotos ejecutar JavaScript con privilegios chrome a traves de un manipulador de eventos manipulado, relacionado con un contexto incorrecto para este manipulador de eventos. • http://osvdb.org/55157 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/advisories/35602 http://secunia.com/advisories/35882 http& • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.3EPSS: 14%CPEs: 202EXPL: 4

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. El motor JavaScript en Mozilla Firefox anterior a v3.0.11, Thunderbird anterior a v2.0.0.22, y SeaMonkey anteriores a v1.1.17 permite a atacantes remotos producir una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente ejecutar codigo arbitrario a traves de vectores relacionados con (1) js_LeaveSharpObject, (2) ParseXMLSource, y (3) una cierta aserción en jsinterp.c; y otros vectores. • http://osvdb.org/55152 http://osvdb.org/55153 http://osvdb.org/55154 http://rhn.redhat.com/errata/RHSA-2009-1096.html http://secunia.com/advisories/35331 http://secunia.com/advisories/35415 http://secunia.com/advisories/35428 http://secunia.com/advisories/35431 http://secunia.com/advisories/35439 http://secunia.com/advisories/35440 http://secunia.com/advisories/35468 http://secunia.com/advisories/35536 http://secunia.com/advisories/35561 http://secunia.com/ • CWE-94: Improper Control of Generation of Code ('Code Injection') •