CVE-2008-5022
- EPSS 3.03%
- Veröffentlicht 13.11.2008 11:30:01
- Zuletzt bearbeitet 16.06.2026 22:59:03
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrar...
CVE-2008-5023
- EPSS 3.26%
- Veröffentlicht 13.11.2008 11:30:01
- Zuletzt bearbeitet 16.06.2026 22:59:05
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR f...
CVE-2008-5024
- EPSS 3.64%
- Veröffentlicht 13.11.2008 11:30:01
- Zuletzt bearbeitet 16.06.2026 22:59:05
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection at...
CVE-2008-4989
- EPSS 1.88%
- Veröffentlicht 13.11.2008 01:00:01
- Zuletzt bearbeitet 16.06.2026 22:58:53
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers t...
CVE-2008-4934
- EPSS 3.29%
- Veröffentlicht 05.11.2008 15:00:14
- Zuletzt bearbeitet 16.06.2026 22:58:47
The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service (syste...
CVE-2008-4577
- EPSS 2.33%
- Veröffentlicht 15.10.2008 20:08:02
- Zuletzt bearbeitet 16.06.2026 22:58:06
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2008-4582
- EPSS 10.19%
- Veröffentlicht 15.10.2008 20:08:02
- Zuletzt bearbeitet 16.06.2026 22:58:06
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the...
CVE-2008-3837
- EPSS 3.27%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:56:38
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted...
CVE-2008-4058
- EPSS 5.08%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:04
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vec...
- EPSS 4.99%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:05
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) ...