Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:firefox:1.5.0.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2007-2871 |
Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. Published: May 31, 2007; 8:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-2292 |
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. Published: April 26, 2007; 4:19:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-1562 |
The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. Published: March 21, 2007; 3:19:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-0008 |
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow. Published: February 26, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-0776 |
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file. Published: February 26, 2007; 2:28:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-0995 |
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions. Published: February 26, 2007; 2:28:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-1095 |
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. Published: February 26, 2007; 12:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2007-1084 |
Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. Published: February 22, 2007; 9:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-2894 |
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Published: June 07, 2006; 6:02:00 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |