Mozilla Firefox vulnerabilities

3,197 known vulnerabilities affecting mozilla/firefox.

Total CVEs: 3,197
CISA KEV: 17 (actively exploited)
Public exploits: 122
Exploited in wild: 22
Severity breakdown: CRITICAL 865, HIGH 944, MEDIUM 1312, LOW 71, UNKNOWN 5

Vulnerabilities

CVE-2008-0413 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 2.0.0.11 | 2008-02-08
The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via (1) a large switch statement, (2) certain uses of watch and eval, (3) certain uses of the mousedown event listener, and other vectors
nvd
CVE-2008-0419 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 2.0.0.11 | 2008-02-08
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
nvd
CVE-2008-0412 | CRITICAL | CVSS 9.3 | CWE-399 | ≤ 2.0.0.11 | 2008-02-08
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedI
nvd
CVE-2008-0418 | MEDIUM | CVSS 4.3 | PoC | CWE-22 | ≤ 2.0.0.11 | 2008-02-08
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.
nvd
CVE-2008-0414 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 2.0.0.11 | 2008-02-08
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
nvd
CVE-2008-0415 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 2.0.0.11 | 2008-02-08
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript privilege escalation bugs."
nvd
CVE-2008-0417 | MEDIUM | CVSS 4.3 | CWE-94 | ≤ 2.0.0.11 | 2008-02-08
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
nvd
CVE-2008-0367 | MEDIUM | CVSS 5.0 | CWE-200 | ≤ 2.0.0.11, v3.0 | 2008-01-19
Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.
nvd
CVE-2007-6589 | MEDIUM | CVSS 4.3 | ≤ 2.0.0.9 | 2007-12-28
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.
nvd
CVE-2007-5959 | CRITICAL | CVSS 9.3 | v0.8, v0.9, +46 more | 2007-11-26
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
nvd
CVE-2007-5960 | MEDIUM | CVSS 4.3 | CWE-22 | v0.8, v0.9, +46 more | 2007-11-26
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal al
nvd
CVE-2007-5947 | MEDIUM | CVSS 4.3 | CWE-79 | ≤ 2.0.0.9, v2.0.0.1, +7 more | 2007-11-14
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.
nvd
CVE-2007-5896 | HIGH | CVSS 7.1 | CWE-399 | v2.0.0.9 | 2007-11-08
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI.
nvd
CVE-2007-5691 | MEDIUM | CVSS 4.3 | CWE-20 | v2.0.0.7 | 2007-10-29
ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer."
nvd
CVE-2007-5335 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 2.0.0.7 | 2007-10-24
Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs.
nvd
CVE-2007-5338 | CRITICAL | CVSS 9.3 | CWE-16 | ≤ 2.0.0.7 | 2007-10-21
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
nvd
CVE-2007-5337 | MEDIUM | CVSS 4.3 | CWE-200 | ≤ 2.0.0.7 | 2007-10-21
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other fi
nvd
CVE-2007-5339 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 2.0.0.7 | 2007-10-21
Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.
nvd
CVE-2007-5334 | MEDIUM | CVSS 4.3 | CWE-16 | ≤ 2.0.0.7 | 2007-10-21
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.
nvd
CVE-2007-5340 | MEDIUM | CVSS 4.3 | CWE-20 | ≤ 2.0.0.7 | 2007-10-21
Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.
nvd