Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:firefox:2.0.0.15
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-0016 |
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. Published: September 24, 2008; 4:37:04 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-2933 |
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. NOTE: this issue exists because of an insufficient fix for CVE-2005-2267. Published: July 17, 2008; 9:41:00 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2008-2785 |
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. Published: June 19, 2008; 5:41:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |