Lucene search

K
MozillaFirefox1.0

312 matches found

CVE
CVE
added 2009/02/04 7:30 p.m.72 views

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly prote...

5CVSS9.1AI score0.00798EPSS
CVE
CVE
added 2009/12/17 5:30 p.m.72 views

CVE-2009-3981

Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.9AI score0.0387EPSS
CVE
CVE
added 2009/12/17 5:30 p.m.72 views

CVE-2009-3984

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty b...

6.8CVSS9.5AI score0.02583EPSS
CVE
CVE
added 2010/09/09 7:0 p.m.72 views

CVE-2010-3166

Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.

9.3CVSS9AI score0.05856EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.72 views

CVE-2010-3177

Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.

4.3CVSS7.6AI score0.00722EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.72 views

CVE-2010-3768

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via v...

9.3CVSS9.6AI score0.06823EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.72 views

CVE-2011-0071

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.

5CVSS9.2AI score0.01674EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.72 views

CVE-2012-3958

Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a de...

10CVSS9.4AI score0.02127EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.71 views

CVE-2005-0233

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which ...

7.5CVSS6.2AI score0.08584EPSS
CVE
CVE
added 2005/09/23 7:3 p.m.71 views

CVE-2005-2705

Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.

7.5CVSS7.2AI score0.06958EPSS
CVE
CVE
added 2006/02/02 8:6 p.m.71 views

CVE-2006-0292

The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

7.5CVSS7.3AI score0.10389EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.71 views

CVE-2006-1723

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ...

7.5CVSS7.4AI score0.30625EPSS
CVE
CVE
added 2006/06/02 7:2 p.m.71 views

CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation,...

9.3CVSS7.5AI score0.23286EPSS
CVE
CVE
added 2006/06/02 9:6 p.m.71 views

CVE-2006-2788

Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.

7.5CVSS7.5AI score0.08288EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.71 views

CVE-2009-2462

The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion an...

10CVSS8.6AI score0.05328EPSS
CVE
CVE
added 2011/03/02 8:0 p.m.71 views

CVE-2011-0058

Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.

10CVSS9.6AI score0.05884EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.70 views

CVE-2005-2267

Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone applicatio...

7.5CVSS6.9AI score0.05043EPSS
CVE
CVE
added 2006/06/02 6:2 p.m.70 views

CVE-2006-2776

Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended.

7.5CVSS6.6AI score0.31164EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.70 views

CVE-2009-1312

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. ...

4.3CVSS8.4AI score0.06172EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.70 views

CVE-2009-3078

Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

5CVSS7.3AI score0.01724EPSS
CVE
CVE
added 2010/04/05 5:30 p.m.70 views

CVE-2010-0176

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors th...

9.3CVSS9.5AI score0.06167EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.70 views

CVE-2011-2377

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

5CVSS9.9AI score0.04613EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.70 views

CVE-2012-1956

Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving ...

4.3CVSS8.2AI score0.00743EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.69 views

CVE-2005-1159

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to...

7.5CVSS6.9AI score0.0369EPSS
CVE
CVE
added 2006/02/02 8:6 p.m.69 views

CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

5CVSS6.9AI score0.41202EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.69 views

CVE-2006-1529

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the ...

7.5CVSS7.4AI score0.30625EPSS
CVE
CVE
added 2007/07/10 7:30 p.m.69 views

CVE-2007-3656

Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 redirect controls, (2...

6.8CVSS9.2AI score0.0519EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.69 views

CVE-2009-2471

The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.

10CVSS9.2AI score0.02242EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.69 views

CVE-2009-3074

Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.06707EPSS
CVE
CVE
added 2010/09/09 7:0 p.m.69 views

CVE-2010-2763

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox before 3.5.12, Thunderbird before 3.0.7, and SeaMonkey before 2.0.7 does not properly restrict scripted functions, which allows remote attackers to bypass the Same Origin Policy and conduct cros...

4.3CVSS7.7AI score0.00528EPSS
CVE
CVE
added 2011/06/30 3:55 p.m.69 views

CVE-2011-2366

Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader.

4.3CVSS6.4AI score0.00606EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.69 views

CVE-2011-2605

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a...

4.3CVSS9.3AI score0.04001EPSS
CVE
CVE
added 2012/02/01 4:55 p.m.69 views

CVE-2011-3670

Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and readin...

5CVSS9AI score0.00725EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.69 views

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_pa...

7.5CVSS9.8AI score0.01442EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.69 views

CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS9AI score0.00135EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.68 views

CVE-2005-0586

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.

2.6CVSS6.2AI score0.00689EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.68 views

CVE-2005-2265

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.

5CVSS6.7AI score0.82043EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.68 views

CVE-2005-2268

Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."

2.6CVSS6.2AI score0.02156EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.68 views

CVE-2009-1835

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://exampl...

4.3CVSS7.2AI score0.01506EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.68 views

CVE-2011-2375

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.02013EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.68 views

CVE-2011-3648

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.

4.3CVSS7.8AI score0.00338EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.67 views

CVE-2006-1731

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote atta...

4.3CVSS5.4AI score0.02816EPSS
CVE
CVE
added 2006/06/02 6:2 p.m.67 views

CVE-2006-2777

Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context.

7.5CVSS7.1AI score0.35105EPSS
CVE
CVE
added 2008/03/27 10:44 a.m.67 views

CVE-2008-1235

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

9.3CVSS9.8AI score0.19121EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.67 views

CVE-2009-2465

Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell....

10CVSS8.8AI score0.06139EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.67 views

CVE-2009-3070

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS8.7AI score0.04267EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.67 views

CVE-2010-3773

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbi...

6.8CVSS9.4AI score0.01245EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.67 views

CVE-2011-2370

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.

5CVSS9.1AI score0.00309EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.67 views

CVE-2011-3647

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrappin...

9.3CVSS9.3AI score0.00746EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.67 views

CVE-2015-0833

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working direct...

6.9CVSS9.1AI score0.00052EPSS
Total number of security vulnerabilities312