Firefox Security Vulnerabilities and Issues — Firefox CVE List

Lucene search

MozillaFirefox

8 matches found

CVE•added 2009/02/20 7:30 p.m.•266 views

CVE-2009-0652

The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by...

5.8CVSS7.8AI score0.08584EPSS

CVE•added 2009/02/04 7:30 p.m.•78 views

CVE-2009-0352

Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engin...

10CVSS10AI score0.08533EPSS

CVE•added 2009/02/04 7:30 p.m.•72 views

CVE-2009-0355

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.

5.4CVSS9AI score0.01804EPSS

CVE•added 2009/02/04 7:30 p.m.•72 views

CVE-2009-0357

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly prote...

5CVSS9.1AI score0.00798EPSS

CVE•added 2009/02/04 7:30 p.m.•71 views

CVE-2009-0353

Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine.

10CVSS9.9AI score0.0678EPSS

CVE•added 2009/02/04 7:30 p.m.•66 views

CVE-2009-0356

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in...

5.1CVSS9.8AI score0.3558EPSS

CVE•added 2009/02/04 7:30 p.m.•64 views

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval...

2.6CVSS8.4AI score0.00582EPSS

CVE•added 2009/02/04 7:30 p.m.•60 views

CVE-2009-0358

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of...

3.3CVSS8.5AI score0.00192EPSS