rpm package
opensuse/firefox-esr&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-0775 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 26, 2007 | Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via cert | ||
| CVE-2007-0981 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 16, 2007 | Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DO | ||
| CVE-2007-0800 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 7, 2007 | Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. | ||
| CVE-2007-0079 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jan 5, 2007 | rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb. | ||
| CVE-2007-0078 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Jan 5, 2007 | BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb. | ||
| CVE-2006-6077 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Nov 24, 2006 | The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the |
- CVE-2007-0775Feb 26, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via cert
- CVE-2007-0981Feb 16, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DO
- CVE-2007-0800Feb 7, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.
- CVE-2007-0079Jan 5, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.
- CVE-2007-0078Jan 5, 2007affected < 128.5.1-1.1fixed 128.5.1-1.1
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.
- CVE-2006-6077Nov 24, 2006affected < 128.5.1-1.1fixed 128.5.1-1.1
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the
Page 106 of 106