Mozilla

Firefox

2867 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.1

CVE-2005-0527

Exploit
  • EPSS 4.69%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."

2.1

CVE-2005-0578

  • EPSS 0.07%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.

2.6

CVE-2005-0584

  • EPSS 0.58%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

2.6

CVE-2005-0586

  • EPSS 0.69%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.

5

CVE-2005-0588

  • EPSS 1.48%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

5

CVE-2005-0589

  • EPSS 0.65%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

5

CVE-2005-0590

  • EPSS 1.77%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequen...

2.6

CVE-2005-0591

Exploit
  • EPSS 2.39%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."

5

CVE-2005-0989

Exploit
  • EPSS 25.3%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.

7.5

CVE-2005-1153

  • EPSS 5.04%
  • Published 02.05.2005 04:00:00
  • Last modified 03.04.2025 01:03:51

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.