CVE-2008-4065
- EPSS 4.11%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:05
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) charact...
CVE-2008-4066
- EPSS 1.76%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:06
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as...
CVE-2008-4067
- EPSS 4.44%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:06
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) ...
CVE-2008-4068
- EPSS 4.17%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:06
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive inf...
- EPSS 1.66%
- Veröffentlicht 24.09.2008 20:37:04
- Zuletzt bearbeitet 16.06.2026 22:57:06
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
CVE-2008-3444
- EPSS 1.63%
- Veröffentlicht 04.08.2008 10:59:00
- Zuletzt bearbeitet 16.06.2026 22:55:50
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML ...
CVE-2008-2933
- EPSS 2.75%
- Veröffentlicht 17.07.2008 13:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:45
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations in...
CVE-2008-3198
- EPSS 2.96%
- Veröffentlicht 17.07.2008 13:41:00
- Zuletzt bearbeitet 16.06.2026 22:55:20
Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using C...
- EPSS 1.24%
- Veröffentlicht 08.07.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:31
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in t...
- EPSS 13.95%
- Veröffentlicht 07.07.2008 23:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:28
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unk...