Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.87%
  • Veröffentlicht 01.06.2007 00:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:35

Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of se...

  • EPSS 1.8%
  • Veröffentlicht 01.06.2007 00:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:35

The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in...

  • EPSS 1.65%
  • Veröffentlicht 01.06.2007 00:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:36

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add...

  • EPSS 2.49%
  • Veröffentlicht 01.06.2007 00:30:00
  • Zuletzt bearbeitet 16.06.2026 22:40:36

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: th...

Exploit
  • EPSS 3.22%
  • Veröffentlicht 14.05.2007 23:19:00
  • Zuletzt bearbeitet 16.06.2026 22:40:05

Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.

  • EPSS 12.74%
  • Veröffentlicht 26.04.2007 20:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:18

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

  • EPSS 2.97%
  • Veröffentlicht 24.04.2007 16:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:05

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

  • EPSS 1.38%
  • Veröffentlicht 22.04.2007 19:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:03

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.

  • EPSS 0.93%
  • Veröffentlicht 11.04.2007 10:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:39

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

  • EPSS 1.03%
  • Veröffentlicht 30.03.2007 00:19:00
  • Zuletzt bearbeitet 16.06.2026 22:38:14

Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.