Mozilla

Firefox

3102 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2005-0589

  • EPSS 0.65%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

5

CVE-2005-0590

  • EPSS 1.77%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequen...

2.6

CVE-2005-0591

Exploit
  • EPSS 2.39%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."

5

CVE-2005-0989

Exploit
  • EPSS 25.3%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.

7.5

CVE-2005-1153

  • EPSS 7.15%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.

7.5

CVE-2005-1154

  • EPSS 6.58%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site sc...

7.5

CVE-2005-1155

Exploit
  • EPSS 35.56%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."

7.5

CVE-2005-1156

Exploit
  • EPSS 6.78%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

7.5

CVE-2005-1157

Exploit
  • EPSS 8.73%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in ...

5

CVE-2005-1158

  • EPSS 0.86%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 16.04.2026 00:27:16

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.