Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
MozillaFirefox

15 matches found

CVE
CVEadded 2008/07/07 11:41 p.m.82 views

CVE-2008-2798

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.

10CVSS7.9AI score0.09471EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.81 views

CVE-2008-2799

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.

10CVSS7.9AI score0.08431EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.81 views

CVE-2008-2811

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, rela...

10CVSS7.8AI score0.26861EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.80 views

CVE-2008-2802

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

7.5CVSS7.5AI score0.06797EPSS
CVE
CVEadded 2008/07/08 11:41 p.m.79 views

CVE-2008-2809

Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accep...

4CVSS6.4AI score0.01957EPSS
CVE
CVEadded 2008/07/17 1:41 p.m.78 views

CVE-2008-2933

Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely han...

2.6CVSS8.8AI score0.47836EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.77 views

CVE-2008-2803

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote atta...

6.8CVSS7.5AI score0.06393EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.76 views

CVE-2008-2807

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.

5CVSS6.4AI score0.01628EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.73 views

CVE-2008-2810

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.

6.8CVSS6.4AI score0.00933EPSS
CVE
CVEadded 2008/07/17 1:41 p.m.64 views

CVE-2008-3198

Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933.

7.5CVSS7.6AI score0.07092EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.63 views

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onready...

4.3CVSS6AI score0.02008EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.61 views

CVE-2008-2801

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.

7.5CVSS7.8AI score0.03972EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.58 views

CVE-2008-2805

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.

5CVSS6.6AI score0.02196EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.55 views

CVE-2008-2806

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect.

7.5CVSS6.3AI score0.00923EPSS
CVE
CVEadded 2008/07/07 11:41 p.m.54 views

CVE-2008-2808

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

4.3CVSS6.1AI score0.02079EPSS