Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.51%
  • Veröffentlicht 22.04.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:07:00

Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

Exploit
  • EPSS 2.31%
  • Veröffentlicht 22.04.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:07:00

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during ...

  • EPSS 5.57%
  • Veröffentlicht 22.04.2009 18:30:00
  • Zuletzt bearbeitet 16.06.2026 23:07:00

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or...

Exploit
  • EPSS 5.47%
  • Veröffentlicht 02.04.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:06:49

Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0...

Exploit
  • EPSS 10.46%
  • Veröffentlicht 27.03.2009 00:30:00
  • Zuletzt bearbeitet 16.06.2026 23:06:38

The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT trans...

Exploit
  • EPSS 2.5%
  • Veröffentlicht 23.03.2009 14:19:12
  • Zuletzt bearbeitet 16.06.2026 23:05:21

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

Exploit
  • EPSS 5.03%
  • Veröffentlicht 23.03.2009 14:19:12
  • Zuletzt bearbeitet 16.06.2026 23:05:38

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer over...

Exploit
  • EPSS 5.53%
  • Veröffentlicht 23.03.2009 14:19:12
  • Zuletzt bearbeitet 16.06.2026 23:05:39

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image ...

  • EPSS 6.49%
  • Veröffentlicht 23.03.2009 14:19:12
  • Zuletzt bearbeitet 16.06.2026 23:06:22

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils duri...

  • EPSS 4.61%
  • Veröffentlicht 05.03.2009 02:30:00
  • Zuletzt bearbeitet 16.06.2026 23:05:46

The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a...