Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 12.09%
  • Veröffentlicht 16.07.2009 15:30:00
  • Zuletzt bearbeitet 16.06.2026 23:09:32

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-bas...

Exploit
  • EPSS 42.69%
  • Veröffentlicht 15.07.2009 15:30:01
  • Zuletzt bearbeitet 16.06.2026 23:09:32

js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized mem...

Exploit
  • EPSS 28.17%
  • Veröffentlicht 01.07.2009 13:00:01
  • Zuletzt bearbeitet 16.06.2026 23:05:34

Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD...

Exploit
  • EPSS 1.23%
  • Veröffentlicht 15.06.2009 19:30:05
  • Zuletzt bearbeitet 16.06.2026 23:08:40

Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify...

  • EPSS 0.85%
  • Veröffentlicht 15.06.2009 19:30:05
  • Zuletzt bearbeitet 16.06.2026 23:08:41

Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying ...

Exploit
  • EPSS 9.28%
  • Veröffentlicht 12.06.2009 21:30:00
  • Zuletzt bearbeitet 16.06.2026 23:07:11

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vect...

Exploit
  • EPSS 9.18%
  • Veröffentlicht 12.06.2009 21:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:08

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double fra...

Exploit
  • EPSS 9.18%
  • Veröffentlicht 12.06.2009 21:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:09

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vec...

Exploit
  • EPSS 3.23%
  • Veröffentlicht 12.06.2009 21:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:09

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whites...

Exploit
  • EPSS 2.33%
  • Veröffentlicht 12.06.2009 21:30:00
  • Zuletzt bearbeitet 16.06.2026 23:08:09

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML docu...