Mozilla

Firefox

3184 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 20.4%
  • Veröffentlicht 08.02.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:10:44

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homog...

Exploit
  • EPSS 2.67%
  • Veröffentlicht 07.02.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:10:44

Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."

  • EPSS 1.04%
  • Veröffentlicht 24.01.2005 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:10:35

Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.

  • EPSS 8.01%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:06:38

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overfl...

  • EPSS 1.42%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:07:09

Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up windo...

Exploit
  • EPSS 2.2%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:07:14

Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

Exploit
  • EPSS 1.6%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:08:19

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs ...

  • EPSS 1.81%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:09:15

Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.

  • EPSS 1.81%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:09:16

Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.

  • EPSS 0.27%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:10:04

Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the l...