Filtered by vendor Mozilla
Subscribe
Total
2889 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3380 | 1 Mozilla | 1 Firefox | 2024-02-04 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-1305 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 5.0 MEDIUM | N/A |
| The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute. | |||||
| CVE-2008-5018 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2024-02-04 | 10.0 HIGH | N/A |
| The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class. | |||||
| CVE-2007-5415 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414. | |||||
| CVE-2008-0594 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. | |||||
| CVE-2007-3827 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.0 MEDIUM | N/A |
| Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window. | |||||
| CVE-2007-3737 | 1 Mozilla | 1 Firefox | 2024-02-04 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." | |||||
| CVE-2008-0304 | 3 Linux, Microsoft, Mozilla | 4 Linux Kernel, Windows, Seamonkey and 1 more | 2024-02-04 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. | |||||
| CVE-2007-3736 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. | |||||
| CVE-2007-5045 | 2 Apple, Mozilla | 2 Quicktime, Firefox | 2024-02-04 | 9.3 HIGH | N/A |
| Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670. | |||||
| CVE-2007-5414 | 1 Mozilla | 1 Firefox | 2024-02-04 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415. | |||||
| CVE-2007-5338 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | |||||
| CVE-2008-0414 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." | |||||
| CVE-2007-5274 | 3 Mozilla, Opera, Sun | 5 Firefox, Opera Browser, Jdk and 2 more | 2024-02-04 | 2.6 LOW | N/A |
| Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | |||||
| CVE-2007-5959 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. | |||||
| CVE-2008-0593 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 4.3 MEDIUM | N/A |
| Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. | |||||
| CVE-2008-0417 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | |||||
| CVE-2008-0419 | 1 Mozilla | 2 Firefox, Seamonkey | 2024-02-04 | 9.3 HIGH | N/A |
| Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. | |||||
| CVE-2007-5691 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | N/A |
| ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer." | |||||
| CVE-2008-0415 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2024-02-04 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs." | |||||