Mozilla

Firefox

3102 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2007-2870

  • EPSS 8.3%
  • Veröffentlicht 01.06.2007 00:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add...

4.3

CVE-2007-2871

  • EPSS 16.95%
  • Veröffentlicht 01.06.2007 00:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: th...

7.1

CVE-2007-2671

Exploit
  • EPSS 6.76%
  • Veröffentlicht 14.05.2007 23:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.

4.3

CVE-2007-2292

  • EPSS 1.82%
  • Veröffentlicht 26.04.2007 20:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

10

CVE-2007-2176

  • EPSS 2.79%
  • Veröffentlicht 24.04.2007 16:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

7.8

CVE-2007-2162

  • EPSS 0.75%
  • Veröffentlicht 22.04.2007 19:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

5

CVE-2007-1970

  • EPSS 0.35%
  • Veröffentlicht 11.04.2007 10:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

5

CVE-2007-1762

  • EPSS 0.25%
  • Veröffentlicht 30.03.2007 00:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.

7.5

CVE-2007-1736

  • EPSS 0.14%
  • Veröffentlicht 28.03.2007 22:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

6.8

CVE-2007-1562

  • EPSS 30.34%
  • Veröffentlicht 21.03.2007 19:19:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate...