Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2419 | 0.04 | — | 0.07 | May 23, 2008 | Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated… | |||
| CVE-2008-0418 | 0.04 | — | 0.09 | Feb 8, 2008 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated… | |||
| CVE-2007-1362 | 0.04 | — | 0.08 | Jun 1, 2007 | Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name… | |||
| CVE-2007-1562 | 0.04 | — | 0.14 | Mar 21, 2007 | The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP… | |||
| CVE-2007-0009 | 0.04 | — | 0.50 | Feb 26, 2007 | Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611,… | |||
| CVE-2007-0981 | 0.04 | — | 0.12 | Feb 16, 2007 | Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname)… | |||
| CVE-2006-5633 | 0.04 | — | 0.07 | Oct 31, 2006 | Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a… | |||
| CVE-2006-4253 | 0.04 | — | 0.14 | Aug 21, 2006 | Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to… | |||
| CVE-2006-2894 | 0.04 | — | 0.10 | Jun 7, 2006 | Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target… | |||
| CVE-2005-4720 | 0.04 | — | 0.08 | Dec 31, 2005 | Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite… | |||
| CVE-2005-4134 | 0.04 | — | 0.13 | Dec 9, 2005 | Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during… | |||
| CVE-2005-2968 | 0.04 | — | 0.11 | Sep 20, 2005 | Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | |||
| CVE-2005-2262 | 0.04 | — | 0.07 | Jul 13, 2005 | Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval… | |||
| CVE-2005-1532 | 0.04 | — | 0.09 | May 12, 2005 | Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160. | |||
| CVE-2005-1476 | 0.04 | — | 0.17 | May 9, 2005 | Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477. | |||
| CVE-2005-1477 | 0.04 | — | 0.15 | May 9, 2005 | The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities… | |||
| CVE-2005-0989 | 0.04 | — | 0.10 | May 2, 2005 | The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method. | |||
| CVE-2004-1381 | 0.04 | — | 0.07 | Oct 20, 2004 | Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could… | |||
| CVE-2015-4481 | 0.03 | — | 0.01 | Aug 16, 2015 | Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update. | |||
| CVE-2014-1564 | 0.03 | — | 0.05 | Sep 3, 2014 | Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS… |
- CVE-2008-2419May 23, 2008risk 0.04cvss —epss 0.07
Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated…
- CVE-2008-0418Feb 8, 2008risk 0.04cvss —epss 0.09
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated…
- CVE-2007-1362Jun 1, 2007risk 0.04cvss —epss 0.08
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name…
- CVE-2007-1562Mar 21, 2007risk 0.04cvss —epss 0.14
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP…
- CVE-2007-0009Feb 26, 2007risk 0.04cvss —epss 0.50
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611,…
- CVE-2007-0981Feb 16, 2007risk 0.04cvss —epss 0.12
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname)…
- CVE-2006-5633Oct 31, 2006risk 0.04cvss —epss 0.07
Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a…
- CVE-2006-4253Aug 21, 2006risk 0.04cvss —epss 0.14
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to…
- CVE-2006-2894Jun 7, 2006risk 0.04cvss —epss 0.10
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target…
- CVE-2005-4720Dec 31, 2005risk 0.04cvss —epss 0.08
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite…
- CVE-2005-4134Dec 9, 2005risk 0.04cvss —epss 0.13
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during…
- CVE-2005-2968Sep 20, 2005risk 0.04cvss —epss 0.11
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
- CVE-2005-2262Jul 13, 2005risk 0.04cvss —epss 0.07
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval…
- CVE-2005-1532May 12, 2005risk 0.04cvss —epss 0.09
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
- CVE-2005-1476May 9, 2005risk 0.04cvss —epss 0.17
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
- CVE-2005-1477May 9, 2005risk 0.04cvss —epss 0.15
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities…
- CVE-2005-0989May 2, 2005risk 0.04cvss —epss 0.10
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
- CVE-2004-1381Oct 20, 2004risk 0.04cvss —epss 0.07
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could…
- CVE-2015-4481Aug 16, 2015risk 0.03cvss —epss 0.01
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
- CVE-2014-1564Sep 3, 2014risk 0.03cvss —epss 0.05
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS…
Page 98 of 159