VYPR

apk package

wolfi/firefox

pkg:apk/wolfi/firefox

Vulnerabilities (490)

  • CVE-2009-1597May 11, 2009
    affected < 0fixed 0

    Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document obj

  • CVE-2008-4059Sep 24, 2008
    affected < 136.0.3-r0fixed 136.0.3-r0

    The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

  • CVE-2007-6715Apr 17, 2008
    affected < 0fixed 0

    Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.

  • CVE-2007-4013Jul 26, 2007
    affected < 0fixed 0

    Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gate

  • CVE-2007-3827Jul 17, 2007
    affected < 0fixed 0

    Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript

  • CVE-2007-3670Jul 10, 2007
    affected < 0fixed 0

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) Firefox

  • CVE-2007-2176Apr 24, 2007
    affected < 0fixed 0

    Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

  • CVE-2007-1970Apr 11, 2007
    affected < 0fixed 0

    Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

  • CVE-2007-0896Feb 13, 2007
    affected < 0fixed 0

    Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

  • CVE-2003-1492Dec 31, 2003
    affected < 0fixed 0

    Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

Page 25 of 25