CVE-2009-0354
- EPSS 2.32%
- Veröffentlicht 04.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:50
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors ...
CVE-2009-0355
- EPSS 1.64%
- Veröffentlicht 04.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:50
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via ...
CVE-2009-0356
- EPSS 3.23%
- Veröffentlicht 04.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:51
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome ...
- EPSS 1.56%
- Veröffentlicht 04.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:51
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XM...
CVE-2009-0358
- EPSS 0.52%
- Veröffentlicht 04.02.2009 19:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:51
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser...
CVE-2009-0253
- EPSS 2.53%
- Veröffentlicht 22.01.2009 18:30:03
- Zuletzt bearbeitet 16.06.2026 23:04:35
Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
CVE-2008-5913
- EPSS 1.14%
- Veröffentlicht 20.01.2009 16:30:00
- Zuletzt bearbeitet 16.06.2026 23:01:12
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier fo...
CVE-2009-0071
- EPSS 6.59%
- Veröffentlicht 08.01.2009 19:30:11
- Zuletzt bearbeitet 16.06.2026 23:04:12
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a ...
- EPSS 8.5%
- Veröffentlicht 24.12.2008 18:29:15
- Zuletzt bearbeitet 16.06.2026 23:00:51
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions ...
- EPSS 3.2%
- Veröffentlicht 17.12.2008 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:00:08
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via ve...