VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,178)

  • CVE-2007-3734Jul 18, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

  • CVE-2007-3735Jul 18, 2007
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption.

  • CVE-2007-3736Jul 18, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that…

  • CVE-2007-3738Jul 18, 2007
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.

  • CVE-2007-3737Jul 18, 2007
    risk 0.00cvss epss 0.05

    Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."

  • CVE-2007-3827Jul 17, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a…

  • CVE-2007-3657Jul 10, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox 2.0.0.4 allows remote attackers to cause a denial of service by opening multiple tabs in a popup window. NOTE: this issue has been disputed by third party researchers, stating that "this does not crash on me, and I can't see a likely mechanism of action that…

  • CVE-2007-3656Jul 10, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not perform a security zone check when processing a wyciwyg URI, which allows remote attackers to obtain sensitive information, poison the browser cache, and possibly enable further attack vectors via (1) HTTP 302…

  • CVE-2007-3511Jul 3, 2007
    risk 0.00cvss epss 0.02

    The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus…

  • CVE-2007-3285Jun 20, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote attackers to bypass file type checks and possibly execute programs via a (1) file:/// or (2) resource: URI with a dangerous extension, followed by a NULL byte (%00) and a safer extension, which causes Firefox to…

  • CVE-2007-3089Jun 6, 2007
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code…

  • CVE-2007-3072Jun 6, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.

  • CVE-2007-3073Jun 6, 2007
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI.

  • CVE-2007-3074Jun 6, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.

  • CVE-2007-2869Jun 1, 2007
    risk 0.00cvss epss 0.02

    The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.

  • CVE-2007-2867Jun 1, 2007
    risk 0.00cvss epss 0.03

    Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related…

  • CVE-2007-2868Jun 1, 2007
    risk 0.00cvss epss 0.05

    Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly…

  • CVE-2007-2871Jun 1, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for…

  • CVE-2007-2870Jun 1, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a…

  • CVE-2007-2176Apr 24, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

Page 150 of 159