Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox2.0

276 matches found

CVE
CVEadded 2009/11/19 12:30 a.m.50 views

CVE-2009-3978

The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CV...

4.3CVSS7.4AI score0.13491EPSS
CVE
CVEadded 2012/11/21 12:55 p.m.50 views

CVE-2012-4210

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via ...

9.3CVSS8.4AI score0.03834EPSS
CVE
CVEadded 2013/04/03 11:56 a.m.50 views

CVE-2013-0790

Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in.

10CVSS7.9AI score0.06334EPSS
CVE
CVEadded 2006/10/05 4:4 a.m.49 views

CVE-2006-5159

Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we me...

7.5CVSS8.6AI score0.07261EPSS
CVE
CVEadded 2011/04/15 8:55 p.m.49 views

CVE-2011-1712

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memor...

4.3CVSS9AI score0.00331EPSS
CVE
CVEadded 2014/04/30 10:49 a.m.49 views

CVE-2014-1527

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

5CVSS8.8AI score0.00846EPSS
CVE
CVEadded 2006/12/20 1:28 a.m.48 views

CVE-2006-6507

Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.

4.3CVSS5.5AI score0.03095EPSS
CVE
CVEadded 2007/02/20 2:28 a.m.48 views

CVE-2007-1004

Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.

4.3CVSS6.6AI score0.00859EPSS
CVE
CVEadded 2007/02/23 2:28 a.m.48 views

CVE-2007-1084

Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

6.8CVSS6.5AI score0.01048EPSS
CVE
CVEadded 2011/11/09 11:55 a.m.48 views

CVE-2011-3652

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.8AI score0.05919EPSS
CVE
CVEadded 2006/12/15 7:28 p.m.47 views

CVE-2006-6585

The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later repo...

6.4CVSS6.2AI score0.00377EPSS
CVE
CVEadded 2007/10/12 9:17 p.m.47 views

CVE-2007-5415

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related ...

4.3CVSS5.2AI score0.00254EPSS
CVE
CVEadded 2012/11/21 12:55 p.m.47 views

CVE-2012-4203

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.

6.8CVSS8.4AI score0.02473EPSS
CVE
CVEadded 2007/03/03 8:19 p.m.46 views

CVE-2007-1256

Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.

6.8CVSS6.2AI score0.3435EPSS
CVE
CVEadded 2007/06/06 10:30 a.m.46 views

CVE-2007-3074

Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.

4.3CVSS6.2AI score0.00559EPSS
CVE
CVEadded 2011/11/09 11:55 a.m.46 views

CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

5CVSS8.9AI score0.00234EPSS
CVE
CVEadded 2005/08/03 4:0 a.m.45 views

CVE-2005-2429

Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.

5CVSS7.1AI score0.00296EPSS
CVE
CVEadded 2011/12/21 4:2 a.m.45 views

CVE-2011-3664

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other...

6.8CVSS7.2AI score0.01153EPSS
CVE
CVEadded 2006/12/20 1:28 a.m.44 views

CVE-2006-6506

The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.

4.3CVSS5.9AI score0.0245EPSS
CVE
CVEadded 2006/07/06 1:5 a.m.43 views

CVE-2006-3352

Cross-domain vulnerability in Mozilla Firefox allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which th...

6.4CVSS6AI score0.00706EPSS
CVE
CVEadded 2007/06/06 10:30 a.m.42 views

CVE-2007-3072

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.

7.1CVSS6.7AI score0.00436EPSS
CVE
CVEadded 2009/09/18 10:30 p.m.42 views

CVE-2008-7244

Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.

5CVSS6.5AI score0.02598EPSS
CVE
CVEadded 2012/10/12 10:44 a.m.41 views

CVE-2012-4190

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.08531EPSS
CVE
CVEadded 2012/10/10 5:55 p.m.40 views

CVE-2012-3987

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

4CVSS6.3AI score0.0023EPSS
CVE
CVEadded 2012/11/21 12:55 p.m.40 views

CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

6.8CVSS7.5AI score0.01642EPSS
CVE
CVEadded 2007/10/14 7:17 p.m.36 views

CVE-2007-5459

Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00475EPSS
Total number of security vulnerabilities276