Mozilla: >> Firefox >> 3.0.3 Security Vulnerabilities
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
CVSS Score
4.3
EPSS Score
0.051
Published
2008-12-22
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
CVSS Score
10.0
EPSS Score
0.062
Published
2008-12-17
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
CVSS Score
5.0
EPSS Score
0.045
Published
2008-12-17
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions.
CVSS Score
5.0
EPSS Score
0.038
Published
2008-12-17
Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
CVSS Score
5.0
EPSS Score
0.008
Published
2008-12-17
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
CVSS Score
6.8
EPSS Score
0.005
Published
2008-12-17
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
CVSS Score
6.0
EPSS Score
0.002
Published
2008-12-17
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
CVSS Score
4.3
EPSS Score
0.022
Published
2008-12-17
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
CVSS Score
5.0
EPSS Score
0.01
Published
2008-12-17
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document."
CVSS Score
4.3
EPSS Score
0.01
Published
2008-12-17