rpm package
opensuse/firefox-esr&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-0417 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 8, 2008 | CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | ||
| CVE-2008-0415 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript p | ||
| CVE-2008-0414 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." | ||
| CVE-2008-0412 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 8, 2008 | The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) | ||
| CVE-2007-3738 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jul 18, 2007 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. | ||
| CVE-2007-3737 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jul 18, 2007 | Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." | ||
| CVE-2007-3736 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jul 18, 2007 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that acti | ||
| CVE-2007-3735 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jul 18, 2007 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | ||
| CVE-2007-3734 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jul 18, 2007 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | ||
| CVE-2007-3670 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jul 10, 2007 | Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) Firefox | ||
| CVE-2007-3656 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jul 10, 2007 | Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 re | ||
| CVE-2007-3285 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 20, 2007 | Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to t | ||
| CVE-2007-3089 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jun 6, 2007 | Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code tha | ||
| CVE-2007-0996 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 27, 2007 | The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | ||
| CVE-2007-0780 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 26, 2007 | browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a java | ||
| CVE-2007-0009 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 26, 2007 | Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, | ||
| CVE-2007-0008 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 26, 2007 | Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows rem | ||
| CVE-2007-0995 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 26, 2007 | Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions. | ||
| CVE-2007-0777 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 26, 2007 | The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corrup | ||
| CVE-2007-0776 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 26, 2007 | Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. |
- CVE-2008-0417Feb 8, 2008affected < 128.5.1-1.1fixed 128.5.1-1.1
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
- CVE-2008-0415Feb 8, 2008affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript p
- CVE-2008-0414Feb 8, 2008affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
- CVE-2008-0412Feb 8, 2008affected < 128.5.1-1.1fixed 128.5.1-1.1
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2)
- CVE-2007-3738Jul 18, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.
- CVE-2007-3737Jul 18, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
- CVE-2007-3736Jul 18, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that acti
- CVE-2007-3735Jul 18, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
- CVE-2007-3734Jul 18, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.
- CVE-2007-3670Jul 10, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) Firefox
- CVE-2007-3656Jul 10, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302 re
- CVE-2007-3285Jun 20, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to t
- CVE-2007-3089Jun 6, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code tha
- CVE-2007-0996Feb 27, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.
- CVE-2007-0780Feb 26, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a java
- CVE-2007-0009Feb 26, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611,
- CVE-2007-0008Feb 26, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows rem
- CVE-2007-0995Feb 26, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
- CVE-2007-0777Feb 26, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corrup
- CVE-2007-0776Feb 26, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
Page 105 of 106