U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:mozilla:seamonkey:1.1:alpha:*:*:*:*:*:*
  • CPE Name Search: true
There are 560 matching records.
Displaying matches 541 through 560.
Vuln ID Summary CVSS Severity
CVE-2008-0418

Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js.

Published: February 08, 2008; 5:00:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-0419

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.

Published: February 08, 2008; 5:00:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-6589

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947.

Published: December 28, 2007; 4:46:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5959

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.

Published: November 26, 2007; 6:46:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-5960

Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.

Published: November 26, 2007; 6:46:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5947

The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI.

Published: November 13, 2007; 8:46:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5334

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.

Published: October 21, 2007; 4:17:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5337

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.

Published: October 21, 2007; 4:17:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5338

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.

Published: October 21, 2007; 4:17:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-5339

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors.

Published: October 21, 2007; 3:17:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-5340

Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption.

Published: October 21, 2007; 3:17:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-4879

Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.

Published: September 13, 2007; 2:17:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-4841

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.

Published: September 12, 2007; 4:17:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2007-3954

Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670.

Published: July 24, 2007; 1:30:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-3511

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by changing focus from a textarea to a file upload field.

Published: July 03, 2007; 6:30:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-2292

CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.

Published: April 26, 2007; 4:19:00 PM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2007-0994

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.

Published: March 05, 2007; 7:19:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-1095

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.

Published: February 26, 2007; 12:28:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-6497

Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.

Published: December 19, 2006; 8:28:00 PM -0500
V4.0:(not available)
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-2894

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.

Published: June 07, 2006; 6:02:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 4.0 MEDIUM