Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.32%
  • Veröffentlicht 04.02.2009 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:04:50

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors ...

  • EPSS 1.64%
  • Veröffentlicht 04.02.2009 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:04:50

components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via ...

  • EPSS 3.23%
  • Veröffentlicht 04.02.2009 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:04:51

Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome ...

  • EPSS 1.56%
  • Veröffentlicht 04.02.2009 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:04:51

Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XM...

  • EPSS 0.52%
  • Veröffentlicht 04.02.2009 19:30:00
  • Zuletzt bearbeitet 16.06.2026 23:04:51

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser...

  • EPSS 2.53%
  • Veröffentlicht 22.01.2009 18:30:03
  • Zuletzt bearbeitet 16.06.2026 23:04:35

Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.

  • EPSS 1.14%
  • Veröffentlicht 20.01.2009 16:30:00
  • Zuletzt bearbeitet 16.06.2026 23:01:12

The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier fo...

Exploit
  • EPSS 6.59%
  • Veröffentlicht 08.01.2009 19:30:11
  • Zuletzt bearbeitet 16.06.2026 23:04:12

Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a ...

  • EPSS 8.5%
  • Veröffentlicht 24.12.2008 18:29:15
  • Zuletzt bearbeitet 16.06.2026 23:00:51

Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions ...

  • EPSS 3.2%
  • Veröffentlicht 17.12.2008 23:30:00
  • Zuletzt bearbeitet 16.06.2026 23:00:08

The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via ve...