ReportizFlow
Filtered by vendor Mozilla
Subscriptions
Total
3496 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1838 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler. | ||||
| CVE-2007-3144 | 1 Mozilla | 1 Mozilla | 2025-04-09 | N/A |
| Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication. | ||||
| CVE-2009-1312 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | ||||
| CVE-2007-3074 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI. | ||||
| CVE-2007-4038 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-09 | N/A |
| Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | ||||
| CVE-2009-3274 | 3 Linux, Mozilla, Redhat | 3 Linux Kernel, Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, related to the Download Manager component. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1311 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | ||||
| CVE-2009-3986 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||||
| CVE-2009-2044 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | ||||
| CVE-2009-0723 | 5 Gimp, Littlecms, Mozilla and 2 more | 5 Gimp, Little Cms, Firefox and 2 more | 2025-04-09 | N/A |
| Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2009-1169 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | ||||
| CVE-2009-2462 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-09 | N/A |
| The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition. | ||||
| CVE-2008-0367 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | ||||
| CVE-2007-3073 | 3 Apple, Mozilla, Unix | 3 Mac Os X, Firefox, Unix | 2025-04-09 | N/A |
| Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and earlier on Mac OS X and Unix allows remote attackers to read arbitrary files via ..%2F (dot dot encoded slash) sequences in a resource:// URI. | ||||
| CVE-2006-5633 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | N/A |
| Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference. | ||||
| CVE-2007-3954 | 2 Microsoft, Mozilla | 2 Internet Explorer, Seamonkey | 2025-04-09 | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | ||||
| CVE-2008-1236 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. | ||||
| CVE-2009-0356 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involving the URL field in a Desktop Entry section of a .desktop file, related to representation of about: URIs as jar:file:// URIs. NOTE: this issue exists because of an incomplete fix for CVE-2008-4582. | ||||
| CVE-2008-5502 | 3 Canonical, Mozilla, Redhat | 4 Ubuntu Linux, Firefox, Seamonkey and 1 more | 2025-04-09 | N/A |
| The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions. | ||||
| CVE-2008-0304 | 4 Linux, Microsoft, Mozilla and 1 more | 5 Linux Kernel, Windows, Seamonkey and 2 more | 2025-04-09 | N/A |
| Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and SeaMonkey before 1.1.8 might allow remote attackers to execute arbitrary code via a crafted external-body MIME type in an e-mail message, related to an incorrect memory allocation during message preview. | ||||