Mozilla

Firefox

2867 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2008-5016

  • EPSS 21.26%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other conse...

10

CVE-2008-5017

  • EPSS 17.42%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (c...

10

CVE-2008-5018

  • EPSS 20.19%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient...

4.3

CVE-2008-5019

  • EPSS 12.82%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges vi...

9.3

CVE-2008-5021

  • EPSS 25.26%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying pr...

7.5

CVE-2008-5022

  • EPSS 13.45%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrar...

7.5

CVE-2008-5023

  • EPSS 18.39%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR f...

7.5

CVE-2008-5024

Exploit
  • EPSS 7.22%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection at...

10

CVE-2008-5052

  • EPSS 23.01%
  • Published 13.11.2008 11:30:01
  • Last modified 09.04.2025 00:30:58

The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that ...

4.3

CVE-2008-4723

Exploit
  • EPSS 0.21%
  • Published 23.10.2008 22:00:01
  • Last modified 09.04.2025 00:30:58

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the pro...