Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 7.08%
  • Veröffentlicht 07.07.2008 23:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:31

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose di...

  • EPSS 5.28%
  • Veröffentlicht 19.06.2008 21:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:26

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which all...

  • EPSS 1.38%
  • Veröffentlicht 19.06.2008 21:41:00
  • Zuletzt bearbeitet 16.06.2026 22:54:27

Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. NOTE: due to lack of details as of 20080619, it is not clear whether this is the same issue as CVE-2008-2785. A CVE identifier has been assigned for tracking purposes.

Exploit
  • EPSS 6.63%
  • Veröffentlicht 23.05.2008 15:32:00
  • Zuletzt bearbeitet 16.06.2026 22:53:44

Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a J...

  • EPSS 1.42%
  • Veröffentlicht 30.04.2008 01:07:00
  • Zuletzt bearbeitet 16.06.2026 22:52:56

Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop.

  • EPSS 1.04%
  • Veröffentlicht 17.04.2008 22:05:00
  • Zuletzt bearbeitet 16.06.2026 22:48:37

Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.

  • EPSS 2.9%
  • Veröffentlicht 17.04.2008 19:05:00
  • Zuletzt bearbeitet 16.06.2026 22:51:37

The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. ...

  • EPSS 3.22%
  • Veröffentlicht 28.03.2008 01:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:20

LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine. ...

  • EPSS 4.34%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:18

Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."

  • EPSS 2.77%
  • Veröffentlicht 27.03.2008 10:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:18

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event han...