VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,178)

  • CVE-2007-2162Apr 22, 2007
    risk 0.00cvss epss 0.01

    (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

  • CVE-2007-1970Apr 11, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

  • CVE-2007-1762Mar 30, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.

  • CVE-2007-1736Mar 28, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

  • CVE-2007-0994Mar 6, 2007
    risk 0.00cvss epss 0.03

    A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or…

  • CVE-2007-1256Mar 3, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of…

  • CVE-2007-0996Feb 27, 2007
    risk 0.00cvss epss 0.02

    The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.

  • CVE-2007-1116Feb 26, 2007
    risk 0.00cvss epss 0.01

    The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.

  • CVE-2007-0780Feb 26, 2007
    risk 0.00cvss epss 0.02

    browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a…

  • CVE-2007-0778Feb 26, 2007
    risk 0.00cvss epss 0.03

    The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further…

  • CVE-2007-0008Feb 26, 2007
    risk 0.00cvss epss 0.04

    Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows…

  • CVE-2007-0779Feb 26, 2007
    risk 0.00cvss epss 0.02

    GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large,…

  • CVE-2007-0995Feb 26, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

  • CVE-2007-0775Feb 26, 2007
    risk 0.00cvss epss 0.01

    Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via…

  • CVE-2007-1095Feb 26, 2007
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

  • CVE-2007-1084Feb 23, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

  • CVE-2007-1004Feb 20, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.

  • CVE-2007-0800Feb 7, 2007
    risk 0.00cvss epss 0.02

    Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup.

  • CVE-2007-0801Feb 7, 2007
    risk 0.00cvss epss 0.02

    The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.

  • CVE-2006-6971Feb 7, 2007
    risk 0.00cvss epss 0.01

    Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer…

Page 151 of 159