Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:firefox:2.0.0.12
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-1236 |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine. Published: March 27, 2008; 6:44:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1237 |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine. Published: March 27, 2008; 6:44:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-1238 |
Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. Published: March 27, 2008; 6:44:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-1241 |
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab. Published: March 27, 2008; 6:44:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-4879 |
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. Published: September 13, 2007; 2:17:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |