Firefox Security Vulnerabilities and Issues — Firefox CVE List

Lucene search

MozillaFirefox

11 matches found

CVE•added 2007/10/21 8:17 p.m.•81 views

CVE-2007-5334

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.

4.3CVSS6.2AI score0.11557EPSS

CVE•added 2007/10/21 7:17 p.m.•81 views

CVE-2007-5340

Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.

4.3CVSS6.5AI score0.1475EPSS

CVE•added 2007/10/24 11:0 p.m.•80 views

CVE-2003-1492

Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

5CVSS6.5AI score0.00235EPSS

CVE•added 2007/10/21 7:17 p.m.•80 views

CVE-2007-5339

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.

4.3CVSS6.8AI score0.20176EPSS

CVE•added 2007/10/21 8:17 p.m.•76 views

CVE-2007-5337

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs w...

4.3CVSS6.5AI score0.01383EPSS

CVE•added 2007/10/21 8:17 p.m.•70 views

CVE-2007-5338

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

9.3CVSS7.1AI score0.03299EPSS

CVE•added 2007/10/24 12:46 a.m.•54 views

CVE-2007-5335

Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs.

4.3CVSS5.8AI score0.00705EPSS

CVE•added 2007/10/12 9:17 p.m.•47 views

CVE-2007-5415

Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related ...

4.3CVSS5.2AI score0.00254EPSS

CVE•added 2007/10/12 9:17 p.m.•41 views

CVE-2007-5414

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a ...

2.6CVSS5.2AI score0.00254EPSS

CVE•added 2007/10/14 7:17 p.m.•36 views

CVE-2007-5459

Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.7AI score0.00475EPSS

CVE•added 2007/10/29 7:46 p.m.•36 views

CVE-2007-5691

ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer."

4.3CVSS6.5AI score0.00632EPSS