Lucene search

K
MozillaFirefox3.0

247 matches found

CVE
CVE
added 2015/02/25 11:59 a.m.69 views

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_pa...

7.5CVSS9.8AI score0.01442EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.69 views

CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS9AI score0.00135EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.68 views

CVE-2009-1835

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://exampl...

4.3CVSS7.2AI score0.01506EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.68 views

CVE-2009-1840

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web scrip...

9.3CVSS7.2AI score0.01388EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.68 views

CVE-2011-2375

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.02013EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.68 views

CVE-2011-3648

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.

4.3CVSS7.8AI score0.00338EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.67 views

CVE-2008-4063

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsCon...

9.3CVSS10AI score0.02851EPSS
CVE
CVE
added 2009/07/22 6:30 p.m.67 views

CVE-2009-2465

Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell....

10CVSS8.8AI score0.06139EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.67 views

CVE-2009-3070

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS8.7AI score0.04267EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.67 views

CVE-2010-3773

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbi...

6.8CVSS9.4AI score0.01245EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.67 views

CVE-2011-2370

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.

5CVSS9.1AI score0.00309EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.67 views

CVE-2011-3647

The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrappin...

9.3CVSS9.3AI score0.00746EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.67 views

CVE-2015-0833

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working direct...

6.9CVSS9.1AI score0.00052EPSS
CVE
CVE
added 2008/06/19 9:41 p.m.66 views

CVE-2008-2786

Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.

10CVSS6.7AI score0.0952EPSS
CVE
CVE
added 2009/02/04 7:30 p.m.66 views

CVE-2009-0356

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in...

5.1CVSS9.8AI score0.3558EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.66 views

CVE-2009-1310

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

4.3CVSS7.6AI score0.0086EPSS
CVE
CVE
added 2010/03/25 9:0 p.m.66 views

CVE-2010-0169

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to t...

5CVSS7.6AI score0.00424EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.66 views

CVE-2010-3770

Multiple cross-site scripting (XSS) vulnerabilities in the rendering engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, allow remote attackers to inject arbitrary web script or HTML via (1) x-mac-arabic, (2) x-mac-farsi, or (3) x-mac-hebrew characters that...

4.3CVSS8.2AI score0.0993EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.66 views

CVE-2011-0076

Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.

7.5CVSS9.1AI score0.00391EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.66 views

CVE-2015-0824

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

5CVSS8.8AI score0.0181EPSS
CVE
CVE
added 2009/03/05 2:30 a.m.65 views

CVE-2009-0777

Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.

5.8CVSS9.1AI score0.02024EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.65 views

CVE-2009-3370

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

5CVSS5.7AI score0.00556EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.65 views

CVE-2015-0829

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

6.8CVSS9.5AI score0.02647EPSS
CVE
CVE
added 2009/02/04 7:30 p.m.64 views

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

2.6CVSS8.4AI score0.00582EPSS
CVE
CVE
added 2009/09/10 9:30 p.m.64 views

CVE-2009-3079

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

10CVSS7.7AI score0.01603EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.64 views

CVE-2009-3375

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

4.3CVSS6.8AI score0.00462EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.64 views

CVE-2010-3769

The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.w...

9.3CVSS9.4AI score0.06364EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.64 views

CVE-2013-0751

Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.

5.8CVSS5.5AI score0.00521EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.64 views

CVE-2015-0826

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operatio...

6.8CVSS9.4AI score0.00796EPSS
CVE
CVE
added 2009/04/02 5:30 p.m.63 views

CVE-2009-1232

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected.

4.3CVSS6.4AI score0.19119EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.63 views

CVE-2012-4206

Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.

6.9CVSS8.2AI score0.00166EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.63 views

CVE-2015-0834

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time wi...

4.3CVSS9AI score0.00587EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.62 views

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web sit...

2.6CVSS9.1AI score0.00305EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.62 views

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLH...

6.8CVSS9.5AI score0.01358EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.61 views

CVE-2008-5015

Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privileges via malicious code in a file that has alrea...

5.1CVSS9.4AI score0.05714EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.61 views

CVE-2009-1838

The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted ...

9.3CVSS7.8AI score0.04629EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.61 views

CVE-2009-3373

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS7.6AI score0.13491EPSS
CVE
CVE
added 2010/10/21 7:0 p.m.61 views

CVE-2010-3181

Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory.

6.9CVSS6.2AI score0.00056EPSS
CVE
CVE
added 2011/11/09 11:55 a.m.61 views

CVE-2011-3650

Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have...

9.3CVSS9.8AI score0.01235EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.61 views

CVE-2015-0825

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

4.3CVSS8.8AI score0.00758EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.61 views

CVE-2015-0830

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

5CVSS8.8AI score0.01074EPSS
CVE
CVE
added 2008/07/17 1:41 p.m.60 views

CVE-2008-3198

Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.

7.5CVSS7.6AI score0.07092EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.60 views

CVE-2008-5505

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.

5CVSS9.6AI score0.00833EPSS
CVE
CVE
added 2009/02/04 7:30 p.m.60 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of...

3.3CVSS8.5AI score0.00192EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.60 views

CVE-2009-1304

The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definit...

5CVSS9.2AI score0.0502EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.60 views

CVE-2009-3372

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

9.3CVSS7.2AI score0.01985EPSS
CVE
CVE
added 2010/03/25 9:0 p.m.60 views

CVE-2010-0167

The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors ...

9.3CVSS9.5AI score0.22871EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.60 views

CVE-2011-2980

Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firef...

7.2CVSS8.8AI score0.00056EPSS
CVE
CVE
added 2009/08/04 4:30 p.m.59 views

CVE-2009-2664

The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE:...

5CVSS8.1AI score0.03012EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.59 views

CVE-2009-3374

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execut...

7.5CVSS7.2AI score0.00887EPSS
Total number of security vulnerabilities247