Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2008-2934 | 6.8 |
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
|
08-02-2024 - 23:43 | 18-07-2008 - 16:41 | |
CVE-2008-5021 | 9.3 |
nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying pr
|
02-02-2024 - 17:07 | 13-11-2008 - 11:30 | |
CVE-2008-5016 | 5.0 |
The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other conse
|
13-02-2023 - 02:19 | 13-11-2008 - 11:30 | |
CVE-2008-5513 | 4.3 |
Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cr
|
13-02-2023 - 02:19 | 17-12-2008 - 23:30 | |
CVE-2008-5504 | 7.5 |
Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.
|
13-02-2023 - 02:19 | 17-12-2008 - 23:30 | |
CVE-2008-5511 | 4.3 |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to a
|
13-02-2023 - 02:19 | 17-12-2008 - 23:30 | |
CVE-2008-5012 | 5.0 |
Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin
|
13-02-2023 - 02:19 | 13-11-2008 - 11:30 | |
CVE-2008-5019 | 4.3 |
The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting (XSS) attacks and execute arbitrary JavaScript with chrome privileges vi
|
13-02-2023 - 02:19 | 13-11-2008 - 11:30 | |
CVE-2008-3836 | 7.5 |
feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _in
|
13-02-2023 - 02:19 | 24-09-2008 - 20:37 | |
CVE-2008-5507 | 6.0 |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL th
|
08-11-2018 - 20:12 | 17-12-2008 - 23:30 | |
CVE-2008-5508 | 4.3 |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent
|
08-11-2018 - 20:12 | 17-12-2008 - 23:30 | |
CVE-2008-5510 | 5.0 |
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms s
|
08-11-2018 - 20:12 | 17-12-2008 - 23:30 | |
CVE-2008-5506 | 6.8 |
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-contr
|
08-11-2018 - 20:12 | 17-12-2008 - 23:30 | |
CVE-2008-5501 | 5.0 |
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
|
08-11-2018 - 20:11 | 17-12-2008 - 23:30 | |
CVE-2008-5502 | 5.0 |
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEnti
|
08-11-2018 - 20:11 | 17-12-2008 - 23:30 | |
CVE-2008-5500 | 10.0 |
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via ve
|
08-11-2018 - 20:10 | 17-12-2008 - 23:30 | |
CVE-2008-5512 | 6.8 |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown v
|
02-11-2018 - 14:54 | 17-12-2008 - 23:30 | |
CVE-2008-5024 | 7.5 |
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection at
|
02-11-2018 - 13:50 | 13-11-2008 - 11:30 | |
CVE-2008-5022 | 7.5 |
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrar
|
02-11-2018 - 13:49 | 13-11-2008 - 11:30 | |
CVE-2008-5023 | 7.5 |
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR f
|
02-11-2018 - 13:49 | 13-11-2008 - 11:30 | |
CVE-2008-5018 | 10.0 |
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient
|
02-11-2018 - 13:48 | 13-11-2008 - 11:30 | |
CVE-2008-5017 | 10.0 |
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (c
|
02-11-2018 - 13:48 | 13-11-2008 - 11:30 | |
CVE-2008-5014 | 10.0 |
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifyin
|
02-11-2018 - 13:47 | 13-11-2008 - 11:30 | |
CVE-2008-4062 | 10.0 |
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or po
|
01-11-2018 - 16:23 | 24-09-2008 - 20:37 | |
CVE-2008-4061 | 10.0 |
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash)
|
01-11-2018 - 16:23 | 24-09-2008 - 20:37 | |
CVE-2008-4058 | 7.5 |
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vec
|
01-11-2018 - 16:23 | 24-09-2008 - 20:37 | |
CVE-2008-4067 | 4.3 |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash)
|
01-11-2018 - 16:22 | 24-09-2008 - 20:37 | |
CVE-2008-4065 | 4.3 |
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) charact
|
01-11-2018 - 16:22 | 24-09-2008 - 20:37 | |
CVE-2008-4068 | 7.8 |
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive inf
|
01-11-2018 - 15:15 | 24-09-2008 - 20:37 | |
CVE-2008-3837 | 9.3 |
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted
|
01-11-2018 - 15:14 | 24-09-2008 - 20:37 | |
CVE-2008-5013 | 9.3 |
Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically u
|
30-10-2018 - 16:25 | 13-11-2008 - 11:30 | |
CVE-2008-4582 | 4.3 |
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the
|
30-10-2018 - 16:25 | 15-10-2008 - 20:08 | |
CVE-2008-0017 | 9.3 |
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (
|
26-10-2018 - 14:19 | 13-11-2008 - 11:30 | |
CVE-2008-2933 | 2.6 |
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations in
|
11-10-2018 - 20:45 | 17-07-2008 - 13:41 | |
CVE-2008-2809 | 4.0 |
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in t
|
11-10-2018 - 20:44 | 08-07-2008 - 23:41 | |
CVE-2008-2808 | 4.3 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2811 | 10.0 |
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose di
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2807 | 5.0 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 enc
|
11-10-2018 - 20:44 | 07-07-2008 - 23:41 | |
CVE-2008-2801 | 7.5 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that u
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2803 | 6.8 |
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2805 | 5.0 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2802 | 7.5 |
Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to t
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2800 | 4.3 |
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT el
|
11-10-2018 - 20:43 | 07-07-2008 - 23:41 | |
CVE-2008-2785 | 9.3 |
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which all
|
11-10-2018 - 20:42 | 19-06-2008 - 21:41 | |
CVE-2008-5505 | 5.0 |
Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
|
03-10-2018 - 21:56 | 17-12-2008 - 23:30 | |
CVE-2008-5503 | 2.6 |
The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or
|
03-10-2018 - 21:56 | 17-12-2008 - 23:30 | |
CVE-2008-5015 | 5.1 |
Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: URI when it is accessed in the same tab from a chrome or privileged about: page, which makes it easier for user-assisted attackers to execute arbitrary JavaScript with chrome privi
|
29-09-2017 - 01:32 | 13-11-2008 - 11:30 | |
CVE-2008-4070 | 10.0 |
Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to
|
29-09-2017 - 01:31 | 27-09-2008 - 10:30 | |
CVE-2008-4066 | 4.3 |
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as
|
29-09-2017 - 01:31 | 24-09-2008 - 20:37 | |
CVE-2008-4060 | 7.5 |
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vector
|
29-09-2017 - 01:31 | 24-09-2008 - 20:37 | |
CVE-2008-3835 | 7.5 |
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vect
|
29-09-2017 - 01:31 | 24-09-2008 - 20:37 | |
CVE-2008-4063 | 9.3 |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1)
|
29-09-2017 - 01:31 | 24-09-2008 - 20:37 | |
CVE-2008-4069 | 5.0 |
The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.
|
29-09-2017 - 01:31 | 24-09-2008 - 20:37 | |
CVE-2008-4059 | 7.5 |
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
|
29-09-2017 - 01:31 | 24-09-2008 - 20:37 | |
CVE-2008-4064 | 10.0 |
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to graphics rendering and (1
|
29-09-2017 - 01:31 | 24-09-2008 - 20:37 | |
CVE-2008-0016 | 10.0 |
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
|
29-09-2017 - 01:30 | 24-09-2008 - 20:37 |