Mozilla: >> Seamonkey Security Vulnerabilities
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
CVSS Score
7.5
EPSS Score
0.02
Published
2008-09-24
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
CVSS Score
10.0
EPSS Score
0.027
Published
2008-09-24
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
CVSS Score
10.0
EPSS Score
0.02
Published
2008-09-24
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug."
CVSS Score
4.3
EPSS Score
0.013
Published
2008-09-24
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.
CVSS Score
4.3
EPSS Score
0.017
Published
2008-09-24
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.
CVSS Score
7.8
EPSS Score
0.002
Published
2008-09-24
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
CVSS Score
5.0
EPSS Score
0.009
Published
2008-09-24
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
CVSS Score
4.0
EPSS Score
0.02
Published
2008-07-08
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
CVSS Score
10.0
EPSS Score
0.095
Published
2008-07-07
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
CVSS Score
10.0
EPSS Score
0.084
Published
2008-07-07