National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:mozilla:firefox:1.8
There are 1,430 matching records.
Displaying matches 1421 through 1430.
Vuln ID Summary CVSS Severity

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Published: April 26, 2007; 04:19:00 PM -04:00
    V2: 4.3 MEDIUM

Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

Published: April 24, 2007; 12:19:00 PM -04:00
    V2: 10.0 HIGH

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

Published: April 11, 2007; 06:19:00 AM -04:00
    V2: 5.0 MEDIUM

The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.

Published: February 26, 2007; 06:28:00 PM -05:00
    V2: 5.0 MEDIUM

Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before, Thunderbird before, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.

Published: February 26, 2007; 02:28:00 PM -05:00
    V2: 9.3 HIGH

Mozilla Firefox before and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

Published: February 26, 2007; 12:28:00 PM -05:00
    V2: 6.8 MEDIUM

Mozilla Firefox and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

Published: February 22, 2007; 09:28:00 PM -05:00
    V2: 6.8 MEDIUM

Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

Published: February 13, 2007; 06:28:00 AM -05:00
    V2: 4.3 MEDIUM

Mozilla Firefox, 2.0.x before, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Published: June 07, 2006; 06:02:00 AM -04:00
    V2: 4.0 MEDIUM

Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

Published: December 31, 2003; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM