Lucene search

K
MozillaFirefox1.0

312 matches found

CVE
CVE
added 2005/05/02 4:0 a.m.66 views

CVE-2005-0399

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer si...

5.1CVSS7AI score0.41278EPSS
CVE
CVE
added 2009/02/04 7:30 p.m.66 views

CVE-2009-0356

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in...

5.1CVSS9.8AI score0.3558EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.66 views

CVE-2009-1310

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

4.3CVSS7.6AI score0.0086EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.66 views

CVE-2010-3770

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that...

4.3CVSS8.2AI score0.0993EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.66 views

CVE-2011-0076

Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.

7.5CVSS9.1AI score0.00391EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.66 views

CVE-2015-0824

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

5CVSS8.8AI score0.0181EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.65 views

CVE-2005-0401

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling...

5.1CVSS6.7AI score0.03853EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.65 views

CVE-2005-2263

The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the...

5CVSS6.4AI score0.04512EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.65 views

CVE-2006-1740

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site.

2.6CVSS5.9AI score0.0219EPSS
CVE
CVE
added 2007/09/13 6:17 p.m.65 views

CVE-2007-4879

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requ...

5CVSS6.1AI score0.01429EPSS
CVE
CVE
added 2009/03/05 2:30 a.m.65 views

CVE-2009-0777

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

5.8CVSS9.1AI score0.02024EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.65 views

CVE-2015-0829

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

6.8CVSS9.5AI score0.02647EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.64 views

CVE-2005-2270

Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.

7.5CVSS6.7AI score0.36179EPSS
CVE
CVE
added 2007/11/26 11:46 p.m.64 views

CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection...

4.3CVSS6.6AI score0.00686EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.64 views

CVE-2008-5013

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function...

9.3CVSS9.8AI score0.15445EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.64 views

CVE-2009-3079

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

10CVSS7.7AI score0.01603EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.64 views

CVE-2010-3769

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.w...

9.3CVSS9.4AI score0.06364EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.64 views

CVE-2013-0751

Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.

5.8CVSS5.5AI score0.00521EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.64 views

CVE-2015-0826

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operatio...

6.8CVSS9.4AI score0.00796EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.63 views

CVE-2005-0255

String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute...

5CVSS6.9AI score0.07998EPSS
CVE
CVE
added 2005/03/04 5:0 a.m.63 views

CVE-2005-0593

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshak...

2.6CVSS6.2AI score0.01252EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.63 views

CVE-2005-1157

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute mali...

7.5CVSS6.4AI score0.07353EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.63 views

CVE-2005-2266

Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords fro...

5CVSS6.2AI score0.01946EPSS
CVE
CVE
added 2008/02/12 3:0 a.m.63 views

CVE-2008-0420

modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted...

9.3CVSS6.2AI score0.02102EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.63 views

CVE-2012-4206

Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.

6.9CVSS8.2AI score0.00166EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.63 views

CVE-2015-0834

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time wi...

4.3CVSS9AI score0.00587EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.62 views

CVE-2004-1156

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injectio...

4.3CVSS6.2AI score0.01299EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.62 views

CVE-2005-0591

Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."

2.6CVSS6.2AI score0.02392EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.62 views

CVE-2005-1153

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.

7.5CVSS6.7AI score0.05041EPSS
CVE
CVE
added 2005/07/13 4:0 a.m.62 views

CVE-2005-2264

Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.

7.5CVSS6.1AI score0.03226EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.62 views

CVE-2006-1726

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

9.3CVSS7.2AI score0.09676EPSS
CVE
CVE
added 2007/06/20 7:30 p.m.62 views

CVE-2007-3285

Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to treat the requested ...

6.8CVSS9.3AI score0.01765EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.62 views

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web sit...

2.6CVSS9.1AI score0.00305EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.62 views

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLH...

6.8CVSS9.5AI score0.01358EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.61 views

CVE-2005-0232

Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."

2.6CVSS6.2AI score0.01324EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.61 views

CVE-2005-1160

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

5.1CVSS6.6AI score0.04288EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.61 views

CVE-2008-3835

The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.

7.5CVSS9.6AI score0.00434EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.61 views

CVE-2008-3836

feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.

7.5CVSS9.3AI score0.03696EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.61 views

CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted ...

9.3CVSS7.8AI score0.04629EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.61 views

CVE-2010-3181

Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.

6.9CVSS6.2AI score0.00056EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.61 views

CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

9.3CVSS9.8AI score0.01235EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.61 views

CVE-2015-0825

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

4.3CVSS8.8AI score0.00758EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.61 views

CVE-2015-0830

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

5CVSS8.8AI score0.01074EPSS
CVE
CVE
added 2005/03/25 5:0 a.m.60 views

CVE-2005-0592

Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.

7.5CVSS7AI score0.03411EPSS
CVE
CVE
added 2007/02/16 1:28 a.m.60 views

CVE-2007-0981

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to ...

7.5CVSS6.3AI score0.35967EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.60 views

CVE-2011-2980

Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firef...

7.2CVSS8.8AI score0.00056EPSS
CVE
CVE
added 2005/03/23 5:0 a.m.59 views

CVE-2005-0143

Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.

2.6CVSS6.2AI score0.00774EPSS
CVE
CVE
added 2005/02/08 5:0 a.m.59 views

CVE-2005-0231

Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."

2.6CVSS6.3AI score0.02663EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.59 views

CVE-2005-0589

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

5CVSS6.3AI score0.00647EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.59 views

CVE-2005-1156

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

7.5CVSS6.7AI score0.06778EPSS
Total number of security vulnerabilities312