Total
707 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1095 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 6.8 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | |||||
CVE-2007-1092 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 9.3 HIGH | N/A |
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects. | |||||
CVE-2007-0996 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 5.8 MEDIUM | N/A |
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | |||||
CVE-2007-0995 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions. | |||||
CVE-2007-0981 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 7.5 HIGH | N/A |
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. | |||||
CVE-2007-0779 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-16 | 6.4 MEDIUM | N/A |
GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. | |||||
CVE-2007-0776 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-16 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. | |||||
CVE-2007-0775 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-16 | 3.7 LOW | N/A |
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors. | |||||
CVE-2007-0008 | 1 Mozilla | 4 Firefox, Network Security Services, Seamonkey and 1 more | 2018-10-16 | 6.8 MEDIUM | N/A |
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. | |||||
CVE-2008-0593 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 4.3 MEDIUM | N/A |
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. | |||||
CVE-2008-0592 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. | |||||
CVE-2008-0420 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-15 | 9.3 HIGH | N/A |
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. NOTE: the initial public reports stated that this affected Firefox in Ubuntu 6.06 through 7.10. | |||||
CVE-2008-0419 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 9.3 HIGH | N/A |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. | |||||
CVE-2008-0418 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-15 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | |||||
CVE-2007-5959 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 9.3 HIGH | N/A |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. | |||||
CVE-2007-5947 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 4.3 MEDIUM | N/A |
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | |||||
CVE-2007-5338 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 9.3 HIGH | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | |||||
CVE-2007-5337 | 3 Gnome, Linux, Mozilla | 4 Gnome-vfs, Linux Kernel, Firefox and 1 more | 2018-10-15 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | |||||
CVE-2007-5334 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-15 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. | |||||
CVE-2007-3844 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-15 | 4.3 MEDIUM | N/A |
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression. |