Mozilla: >> Firefox Security Vulnerabilities
Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read files in the local Firefox installation directory via a resource:// URI.
CVSS Score
4.3
EPSS Score
0.006
Published
2007-06-06
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."
CVSS Score
4.3
EPSS Score
0.459
Published
2007-06-01
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
CVSS Score
9.3
EPSS Score
0.185
Published
2007-06-01
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
CVSS Score
9.3
EPSS Score
0.277
Published
2007-06-01
The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.
CVSS Score
4.3
EPSS Score
0.164
Published
2007-06-01
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.
CVSS Score
4.3
EPSS Score
0.083
Published
2007-06-01
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.
CVSS Score
4.3
EPSS Score
0.169
Published
2007-06-01
Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.
CVSS Score
7.1
EPSS Score
0.068
Published
2007-05-14
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
CVSS Score
4.3
EPSS Score
0.018
Published
2007-04-26
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
CVSS Score
10.0
EPSS Score
0.028
Published
2007-04-24