ReportizFlow
Filtered by vendor Mozilla
Subscriptions
Total
3510 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-1232 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0.10 and earlier are also affected. | ||||
| CVE-2009-1833 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | ||||
| CVE-2007-0792 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | N/A |
| The mod_perl initialization script in Bugzilla 2.23.3 does not set the Bugzilla Apache configuration to allow .htaccess permissions to override file permissions, which allows remote attackers to obtain the database username and password via a direct request for the localconfig file. | ||||
| CVE-2007-3737 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." | ||||
| CVE-2007-5340 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | ||||
| CVE-2007-5274 | 4 Mozilla, Opera, Redhat and 1 more | 6 Firefox, Opera Browser, Rhel Extras and 3 more | 2025-04-09 | N/A |
| Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. | ||||
| CVE-2009-0068 | 2 Freedesktop, Mozilla | 2 Xdg-utils, Firefox | 2025-04-09 | N/A |
| Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file. | ||||
| CVE-2008-5013 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | ||||
| CVE-2008-5504 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836. | ||||
| CVE-2007-4543 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form." | ||||
| CVE-2007-4357 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified. | ||||
| CVE-2007-3845 | 2 Microsoft, Mozilla | 4 Windows Xp, Firefox, Seamonkey and 1 more | 2025-04-09 | 8.8 High |
| Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler." | ||||
| CVE-2007-3089 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystroke values from window.event, aka the "promiscuous IFRAME access bug," a related issue to CVE-2006-4568. | ||||
| CVE-2007-1095 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. | ||||
| CVE-2008-5014 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | N/A |
| jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function. | ||||
| CVE-2008-2419 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a JSframe close, as demonstrated by an error in loading an empty Java applet defined by a 'src="javascript:"' sequence. | ||||
| CVE-2009-2479 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox. | ||||
| CVE-2008-0416 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-09 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as whitespace, (2) 0x80 with Shift_JIS encoding, and (3) "zero-length non-ASCII sequences" in certain Asian character sets. | ||||
| CVE-2007-5415 | 1 Mozilla | 1 Firefox | 2025-04-09 | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414. | ||||
| CVE-2007-0779 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-09 | N/A |
| GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. | ||||