15 results (0.010 seconds)

CVSS: 7.5EPSS: 97%CPEs: 51EXPL: 2

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8, permiten a los atacantes remotos omitir la políticas de mismo origen, robar cookies y conducir otros ataques escribiendo un URI con un byte NULL a la propiedad DOM del host (location.hostname), debido a las interacciones con el código de resolución DNS. • https://www.exploit-db.com/exploits/3340 ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc ftp://patches.sgi.com/support/free/security/advisories/20070301-01-P.asc http://fedoranews.org/cms/node/2713 http://fedoranews.org/cms/node/2728 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 http://lcamtuf.dione.cc/ffhostname.html http://lists.suse.com/archive/suse-security-announce/2007-Mar/0001.html http://rhn.redhat.com/errat • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 46%CPEs: 30EXPL: 0

Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources" ** IMPUGNADA ** Desbordamiento de búfer basado en pila en Mozilla Firefox permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados implicando JavaScript. NOTA: el vendedor e investigadores originales han liberado un comentario de continuación impugnando la severidad de este asunto, en el cual el investigador afirma que "hemos mencionado que hubo una vulnerabilidad en Firefox previamente conocida que podría provocar un desbordamiento de pila permitiendo ejecución remota de código. • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon http://securityreason.com/securityalert/1678 http://securitytracker.com/id?1016962 http://www.securityfocus.com/archive/1/447493/100/0/threaded http://www.securityfocus.com/archive/1/447497/100/0/threaded http://www.securityfocus.com/bid/20282 http://www.securityfocus.com/bid/20294 http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html https:// •

CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0

Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. ** IMPUGNADA ** Múltiples vulnerabilidades en Mozilla Firefox tienen vectores e impacto no especificados, como fue reclamado durante el ToorCon 2006. NOTA: el vendedor e investigadores originales han liberado un comentario de seguimiento impugnando este asunto, en el cual un investigador afirma que "No tengo vulnerabilidades de Firefox no reveladas. La persona que estuvo hablando conmigo hizo esta reclamación, y yo honestamente no tengo ni idea de si él las tiene o no". • http://developer.mozilla.org/devnews/index.php/2006/10/02/update-possible-vulnerability-reported-at-toorcon http://www.securityfocus.com/archive/1/447493/100/0/threaded http://www.securityfocus.com/bid/20294 http://www.securitypronews.com/insiderreports/insider/spn-49-20061003FirefoxVulnerabilityClaimWasAJoke.html •

CVSS: 6.4EPSS: 8%CPEs: 30EXPL: 0

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. NOTE: this description was based on a report that has since been retracted by the original authors. The authors misinterpreted their test results. Other third parties also disputed the original report. Therefore, this is not a vulnerability. • http://isc.sans.org/diary.php?storyid=1448 http://www.securityfocus.com/archive/1/438785/100/0/threaded http://www.securityfocus.com/archive/1/438788/100/0/threaded http://www.securityfocus.com/archive/1/438811/100/0/threaded http://www.securityfocus.com/archive/1/438863/100/0/threaded http://www.securityfocus.com/archive/1/438864/100/0/threaded http://www.securityfocus.com/archive/1/439146/100/0/threaded http://www.securityfocus.com/bid/18734 •

CVSS: 7.5EPSS: 25%CPEs: 24EXPL: 1

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. • http://rhn.redhat.com/errata/RHSA-2006-0609.html http://secunia.com/advisories/21269 http://secunia.com/advisories/21270 http://secunia.com/advisories/21336 http://secunia.com/advisories/21532 http://secunia.com/advisories/21631 http://secunia.com/advisories/22247 http://secunia.com/advisories/22299 http://secunia.com/advisories/22342 http://secunia.com/advisories/22849 http://www.debian.org/security/2006/dsa-1192 http://www.debian.org/security/2006/dsa-1210 http:&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •