Firefox@1.0.6 Security Vulnerabilities and Issues — Page 6 of Firefox@1.0.6 CVE List

Lucene search

MozillaFirefox1.0.6

261 matches found

CVE•added 2007/02/23 2:28 a.m.•48 views

CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

6.8CVSS6.5AI score0.01048EPSS

CVE•added 2011/11/09 11:55 a.m.•48 views

CVE-2011-3652

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.8AI score0.05919EPSS

CVE•added 2006/04/26 8:6 p.m.•47 views

CVE-2006-2057

Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an att...

5CVSS6.9AI score0.00724EPSS

CVE•added 2012/11/21 12:55 p.m.•47 views

CVE-2012-4203

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.

6.8CVSS8.4AI score0.02473EPSS

CVE•added 2011/11/09 11:55 a.m.•46 views

CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

5CVSS8.9AI score0.00234EPSS

CVE•added 2011/12/21 4:2 a.m.•45 views

CVE-2011-3664

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other...

6.8CVSS7.2AI score0.01153EPSS

CVE•added 2006/07/06 1:5 a.m.•43 views

CVE-2006-3352

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which th...

6.4CVSS6AI score0.00706EPSS

CVE•added 2009/09/18 10:30 p.m.•42 views

CVE-2008-7244

Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5CVSS6.5AI score0.02598EPSS

CVE•added 2012/10/12 10:44 a.m.•41 views

CVE-2012-4190

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.08531EPSS

CVE•added 2012/10/10 5:55 p.m.•40 views

CVE-2012-3987

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

4CVSS6.3AI score0.0023EPSS

CVE•added 2012/11/21 12:55 p.m.•40 views

CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

6.8CVSS7.5AI score0.01642EPSS

Total number of security vulnerabilities261