# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2010-0623 |
|
|
DoS |
2010-02-15 |
2020-08-14 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem. |
2 |
CVE-2010-0410 |
399 |
|
DoS |
2010-02-22 |
2018-11-16 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. |
3 |
CVE-2010-0307 |
|
|
DoS |
2010-02-17 |
2018-11-16 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function. |
4 |
CVE-2010-0205 |
400 |
|
DoS |
2010-03-03 |
2020-08-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. |
5 |
CVE-2010-0159 |
|
|
DoS Exec Code Mem. Corr. |
2010-02-22 |
2018-11-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors. |
6 |
CVE-2010-0136 |
77 |
|
|
2010-02-16 |
2022-02-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. |
7 |
CVE-2009-4484 |
787 |
1
|
DoS Exec Code Overflow Mem. Corr. |
2009-12-30 |
2020-11-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a. |
8 |
CVE-2009-3725 |
264 |
|
+Priv Bypass |
2009-11-06 |
2018-11-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. |
9 |
CVE-2009-3621 |
400 |
|
DoS |
2009-10-22 |
2020-08-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing a series of connect operations to this socket. |
10 |
CVE-2009-3612 |
200 |
|
+Info |
2009-10-19 |
2020-08-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2005-4881. |
11 |
CVE-2009-3555 |
295 |
|
|
2009-11-09 |
2022-08-04 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue. |
12 |
CVE-2009-3547 |
362 |
|
DoS +Priv |
2009-11-04 |
2020-08-12 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname. |
13 |
CVE-2009-3302 |
94 |
|
DoS Exec Code |
2010-02-16 |
2022-02-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." |
14 |
CVE-2009-3301 |
191 |
|
DoS Exec Code |
2010-02-16 |
2022-02-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. |
15 |
CVE-2009-3228 |
909 |
|
+Info |
2009-10-19 |
2020-08-13 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors. |
16 |
CVE-2009-3080 |
129 |
|
DoS +Priv |
2009-11-20 |
2020-09-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. |
17 |
CVE-2009-3002 |
200 |
1
|
+Info |
2009-08-28 |
2018-11-16 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. |
18 |
CVE-2009-3001 |
200 |
1
|
+Info |
2009-08-28 |
2018-11-16 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket. |
19 |
CVE-2009-2950 |
787 |
|
DoS Exec Code Overflow |
2010-02-16 |
2022-02-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. |
20 |
CVE-2009-2949 |
190 |
|
Exec Code Overflow |
2010-02-16 |
2022-02-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. |
21 |
CVE-2009-2910 |
200 |
|
+Info |
2009-10-20 |
2020-08-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. |
22 |
CVE-2009-2903 |
772 |
|
DoS |
2009-09-15 |
2020-08-06 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams. |
23 |
CVE-2009-2848 |
269 |
|
DoS +Priv Mem. Corr. |
2009-08-18 |
2020-08-28 |
5.9 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Complete |
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. |
24 |
CVE-2009-2698 |
476 |
|
DoS +Priv |
2009-08-27 |
2019-09-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. |
25 |
CVE-2009-2625 |
|
|
DoS |
2009-08-06 |
2022-05-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. |
26 |
CVE-2009-2474 |
326 |
|
|
2009-08-21 |
2020-05-22 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
27 |
CVE-2009-2287 |
476 |
|
DoS |
2009-07-01 |
2020-08-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang) via a crafted cr3 value, which triggers a NULL pointer dereference in the gfn_to_rmap function. |
28 |
CVE-2009-1955 |
|
|
DoS |
2009-06-08 |
2021-06-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564. |
29 |
CVE-2009-1895 |
16 |
|
Bypass |
2009-07-16 |
2018-11-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users to leverage the details of memory usage to (1) conduct NULL pointer dereference attacks, (2) bypass the mmap_min_addr protection mechanism, or (3) defeat address space layout randomization (ASLR). |
30 |
CVE-2009-1888 |
264 |
|
|
2009-06-25 |
2018-11-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. |
31 |
CVE-2009-1633 |
119 |
|
DoS Overflow Mem. Corr. |
2009-05-28 |
2018-11-08 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to Unicode string area alignment in fs/cifs/sess.c; or (2) long Unicode characters, related to fs/cifs/cifssmb.c and the cifs_readdir function in fs/cifs/readdir.c. |
32 |
CVE-2009-1630 |
264 |
|
Bypass |
2009-05-14 |
2020-08-21 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver. |
33 |
CVE-2009-1387 |
476 |
|
DoS |
2009-06-04 |
2022-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug." |
34 |
CVE-2009-1386 |
476 |
|
DoS |
2009-06-04 |
2022-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello. |
35 |
CVE-2009-1378 |
401 |
|
DoS |
2009-05-19 |
2022-02-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." |
36 |
CVE-2009-1270 |
835 |
|
DoS |
2009-04-08 |
2022-02-10 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. |
37 |
CVE-2009-1242 |
20 |
|
DoS |
2009-04-06 |
2020-08-27 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode enable") bit in the Extended Feature Enable Register (EFER) model-specific register, which is specific to the x86_64 platform. |
38 |
CVE-2009-1186 |
120 |
|
DoS Overflow |
2009-04-17 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. |
39 |
CVE-2009-1185 |
346 |
|
+Priv |
2009-04-17 |
2022-06-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. |
40 |
CVE-2009-1072 |
16 |
|
|
2009-03-25 |
2020-09-02 |
4.9 |
None |
Local |
Low |
Not required |
None |
Complete |
None |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option. |
41 |
CVE-2009-0946 |
190 |
|
Exec Code Overflow |
2009-04-17 |
2021-04-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. |
42 |
CVE-2009-0834 |
|
|
Bypass |
2009-03-06 |
2020-08-26 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343. |
43 |
CVE-2009-0385 |
|
|
Exec Code |
2009-02-02 |
2020-11-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference. |
44 |
CVE-2009-0322 |
189 |
|
DoS |
2009-01-28 |
2018-11-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and 2.6.28.x before 2.6.28.2, allows local users to cause a denial of service (system crash) via a read system call that specifies zero bytes from the (1) image_type or (2) packet_size file in /sys/devices/platform/dell_rbu/. |
45 |
CVE-2008-5513 |
79 |
|
XSS Bypass |
2008-12-17 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. |
46 |
CVE-2008-5512 |
264 |
|
|
2008-12-17 |
2018-11-02 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." |
47 |
CVE-2008-5511 |
79 |
|
XSS Bypass |
2008-12-17 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." |
48 |
CVE-2008-5510 |
|
|
Bypass |
2008-12-17 |
2018-11-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. |
49 |
CVE-2008-5508 |
20 |
|
|
2008-12-17 |
2018-11-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. |
50 |
CVE-2008-5507 |
200 |
|
Bypass +Info |
2008-12-17 |
2018-11-08 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. |