Mozilla

Firefox

2920 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2007-2671

Exploit
  • EPSS 6.52%
  • Veröffentlicht 14.05.2007 23:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.

4.3

CVE-2007-2292

  • EPSS 1.57%
  • Veröffentlicht 26.04.2007 20:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

10

CVE-2007-2176

  • EPSS 2.79%
  • Veröffentlicht 24.04.2007 16:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

7.8

CVE-2007-2162

  • EPSS 0.72%
  • Veröffentlicht 22.04.2007 19:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

5

CVE-2007-1970

  • EPSS 0.33%
  • Veröffentlicht 11.04.2007 10:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

5

CVE-2007-1762

  • EPSS 0.24%
  • Veröffentlicht 30.03.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.

7.5

CVE-2007-1736

  • EPSS 0.13%
  • Veröffentlicht 28.03.2007 22:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

6.8

CVE-2007-1562

  • EPSS 29.81%
  • Veröffentlicht 21.03.2007 19:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate...

5

CVE-2007-1377

Exploit
  • EPSS 17.21%
  • Veröffentlicht 10.03.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followe...

6.8

CVE-2007-0994

Exploit
  • EPSS 2.6%
  • Veröffentlicht 06.03.2007 00:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI...