Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-4685 | 0.00 | — | 0.01 | Dec 31, 2005 | Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the… | |||
| CVE-2005-3089 | 0.00 | — | 0.02 | Sep 28, 2005 | Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability. | |||
| CVE-2005-2706 | 0.00 | — | 0.03 | Sep 23, 2005 | Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | |||
| CVE-2005-2707 | 0.00 | — | 0.02 | Sep 23, 2005 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | |||
| CVE-2005-2703 | 0.00 | — | 0.02 | Sep 23, 2005 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | |||
| CVE-2005-2702 | 0.00 | — | 0.04 | Sep 23, 2005 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||
| CVE-2005-2704 | 0.00 | — | 0.02 | Sep 23, 2005 | Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. | |||
| CVE-2005-2705 | 0.00 | — | 0.04 | Sep 23, 2005 | Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | |||
| CVE-2005-2602 | 0.00 | — | 0.02 | Aug 17, 2005 | Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks. | |||
| CVE-2005-2429 | 0.00 | — | 0.01 | Aug 3, 2005 | Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office. | |||
| CVE-2005-2395 | 0.00 | — | 0.02 | Jul 27, 2005 | Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available. | |||
| CVE-2005-2269 | 0.00 | — | 0.06 | Jul 13, 2005 | Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary… | |||
| CVE-2005-2268 | 0.00 | — | 0.03 | Jul 13, 2005 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing… | |||
| CVE-2005-2261 | 0.00 | — | 0.04 | Jul 13, 2005 | Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | |||
| CVE-2005-2260 | 0.00 | — | 0.03 | Jul 13, 2005 | The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally… | |||
| CVE-2005-2263 | 0.00 | — | 0.03 | Jul 13, 2005 | The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run… | |||
| CVE-2005-2267 | 0.00 | — | 0.04 | Jul 13, 2005 | Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the… | |||
| CVE-2005-2270 | 0.00 | — | 0.06 | Jul 13, 2005 | Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object. | |||
| CVE-2005-2264 | 0.00 | — | 0.03 | Jul 13, 2005 | Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL. | |||
| CVE-2005-2266 | 0.00 | — | 0.02 | Jul 13, 2005 | Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as… |
- CVE-2005-4685Dec 31, 2005risk 0.00cvss —epss 0.01
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the…
- CVE-2005-3089Sep 28, 2005risk 0.00cvss —epss 0.02
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.
- CVE-2005-2706Sep 23, 2005risk 0.00cvss —epss 0.03
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
- CVE-2005-2707Sep 23, 2005risk 0.00cvss —epss 0.02
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
- CVE-2005-2703Sep 23, 2005risk 0.00cvss —epss 0.02
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting.
- CVE-2005-2702Sep 23, 2005risk 0.00cvss —epss 0.04
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
- CVE-2005-2704Sep 23, 2005risk 0.00cvss —epss 0.02
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
- CVE-2005-2705Sep 23, 2005risk 0.00cvss —epss 0.04
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
- CVE-2005-2602Aug 17, 2005risk 0.00cvss —epss 0.02
Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to obfuscate URIs via a long URI, which causes the address bar to go blank and could facilitate phishing attacks.
- CVE-2005-2429Aug 3, 2005risk 0.00cvss —epss 0.01
Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.
- CVE-2005-2395Jul 27, 2005risk 0.00cvss —epss 0.02
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
- CVE-2005-2269Jul 13, 2005risk 0.00cvss —epss 0.06
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary…
- CVE-2005-2268Jul 13, 2005risk 0.00cvss —epss 0.03
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing…
- CVE-2005-2261Jul 13, 2005risk 0.00cvss —epss 0.04
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
- CVE-2005-2260Jul 13, 2005risk 0.00cvss —epss 0.03
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally…
- CVE-2005-2263Jul 13, 2005risk 0.00cvss —epss 0.03
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run…
- CVE-2005-2267Jul 13, 2005risk 0.00cvss —epss 0.04
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the…
- CVE-2005-2270Jul 13, 2005risk 0.00cvss —epss 0.06
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
- CVE-2005-2264Jul 13, 2005risk 0.00cvss —epss 0.03
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
- CVE-2005-2266Jul 13, 2005risk 0.00cvss —epss 0.02
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as…
Page 156 of 159