Firefox@2.0.0.3 Security Vulnerabilities and Issues — Firefox@2.0.0.3 CVE List

Lucene search

MozillaFirefox2.0.0.3

22 matches found

CVE•added 2008/09/24 8:37 p.m.•198 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

7.5CVSS9.6AI score0.02918EPSS

CVE•added 2008/06/19 9:41 p.m.•91 views

CVE-2008-2785

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code vi...

9.3CVSS9.2AI score0.0952EPSS

CVE•added 2008/11/13 11:30 a.m.•85 views

CVE-2008-5012

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are not ...

5CVSS9.7AI score0.03476EPSS

CVE•added 2008/07/07 11:41 p.m.•78 views

CVE-2008-2798

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

10CVSS7.9AI score0.09471EPSS

CVE•added 2008/07/07 11:41 p.m.•77 views

CVE-2008-2799

10CVSS7.9AI score0.08431EPSS

CVE•added 2008/07/07 11:41 p.m.•77 views

CVE-2008-2811

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, rela...

10CVSS7.8AI score0.26861EPSS

CVE•added 2008/07/07 11:41 p.m.•76 views

CVE-2008-2802

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

7.5CVSS7.5AI score0.06797EPSS

CVE•added 2008/12/17 11:30 p.m.•76 views

CVE-2008-5504

Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.

7.5CVSS9.3AI score0.03696EPSS

CVE•added 2008/07/08 11:41 p.m.•75 views

CVE-2008-2809

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accep...

4CVSS6.4AI score0.01957EPSS

CVE•added 2008/07/07 11:41 p.m.•73 views

CVE-2008-2803

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote atta...

6.8CVSS7.5AI score0.06393EPSS

CVE•added 2008/07/17 1:41 p.m.•73 views

CVE-2008-2933

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely han...

2.6CVSS8.8AI score0.52924EPSS

CVE•added 2008/12/17 11:30 p.m.•73 views

CVE-2008-5503

The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL b...

2.6CVSS9.6AI score0.00842EPSS

CVE•added 2008/07/07 11:41 p.m.•71 views

CVE-2008-2807

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.

5CVSS6.4AI score0.01628EPSS

CVE•added 2008/07/07 11:41 p.m.•68 views

CVE-2008-2810

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.

6.8CVSS6.4AI score0.00933EPSS

CVE•added 2008/03/27 10:44 a.m.•67 views

CVE-2008-1235

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."

9.3CVSS9.8AI score0.19121EPSS

CVE•added 2008/04/17 7:5 p.m.•65 views

CVE-2008-1380

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-200...

9.3CVSS6.8AI score0.28837EPSS

CVE•added 2008/11/13 11:30 a.m.•64 views

CVE-2008-5013

Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function...

9.3CVSS9.8AI score0.15445EPSS

CVE•added 2008/07/07 11:41 p.m.•59 views

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onready...

4.3CVSS6AI score0.02008EPSS

CVE•added 2008/07/07 11:41 p.m.•57 views

CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

7.5CVSS7.8AI score0.03972EPSS

CVE•added 2008/07/07 11:41 p.m.•54 views

CVE-2008-2805

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.

5CVSS6.6AI score0.02196EPSS

CVE•added 2008/07/07 11:41 p.m.•54 views

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

7.5CVSS6.3AI score0.00923EPSS

CVE•added 2008/07/07 11:41 p.m.•50 views

CVE-2008-2808

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

4.3CVSS6.1AI score0.02079EPSS