Filtered by vendor Mozilla
Subscribe
Total
3234 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2805 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range. | |||||
| CVE-2008-0017 | 3 Canonical, Debian, Mozilla | 4 Ubuntu Linux, Debian Linux, Firefox and 1 more | 2025-04-09 | 9.3 HIGH | N/A |
| The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow. | |||||
| CVE-2009-3071 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2007-3954 | 2 Microsoft, Mozilla | 2 Internet Explorer, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. | |||||
| CVE-2009-1313 | 1 Mozilla | 1 Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302. | |||||
| CVE-2009-2663 | 1 Mozilla | 1 Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. | |||||
| CVE-2007-5459 | 2 Itirou Maruta, Mozilla | 2 Mouseoverdictionary, Firefox | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-1835 | 1 Mozilla | 2 Firefox, Seamonkey | 2025-04-09 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. | |||||
| CVE-2008-4063 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames. | |||||
| CVE-2008-1235 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." | |||||
| CVE-2009-3980 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-3983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | |||||
| CVE-2007-0009 | 3 Canonical, Debian, Mozilla | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values. | |||||
| CVE-2006-6499 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that reduce the precision. | |||||
| CVE-2008-2104 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 4.0 MEDIUM | N/A |
| The WebService in Bugzilla 3.1.3 allows remote authenticated users without canconfirm privileges to create NEW or ASSIGNED bug entries via a request to the XML-RPC interface, which bypasses the canconfirm check. | |||||
| CVE-2008-2806 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. | |||||
| CVE-2009-3073 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2009-0652 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-09 | 5.8 MEDIUM | N/A |
| The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. | |||||
| CVE-2007-4543 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla 2.17.1 through 2.20.4, 2.22.x before 2.22.3, and 3.x before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the buildid field in the "guided form." | |||||
| CVE-2009-3371 | 1 Mozilla | 1 Firefox | 2025-04-09 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | |||||