Mozilla

Firefox

2920 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2008-2014

  • EPSS 1.24%
  • Veröffentlicht 30.04.2008 01:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

4.3

CVE-2007-6715

  • EPSS 0.64%
  • Veröffentlicht 17.04.2008 22:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.

9.3

CVE-2008-1380

  • EPSS 17.01%
  • Veröffentlicht 17.04.2008 19:05:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. ...

5

CVE-2008-1240

  • EPSS 4.85%
  • Veröffentlicht 28.03.2008 01:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. ...

6.8

CVE-2008-1233

  • EPSS 19.86%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

4.3

CVE-2008-1234

  • EPSS 7.19%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event han...

9.3

CVE-2008-1235

  • EPSS 19.12%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka...

6.8

CVE-2008-1236

  • EPSS 26.05%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors relat...

6.8

CVE-2008-1237

  • EPSS 26.05%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors relat...

5

CVE-2008-1238

Exploit
  • EPSS 5.43%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypa...