Vulnerabilities > Mozilla > Firefox > 0.6

DATE CVE VULNERABILITY TITLE RISK
2008-09-24 CVE-2008-0016 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
network
low complexity
mozilla CWE-119
critical
10.0
2008-07-17 CVE-2008-2933 Improper Input Validation vulnerability in Mozilla Firefox
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540.
network
high complexity
mozilla CWE-20
2.6
2008-07-07 CVE-2008-2811 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
network
low complexity
mozilla CWE-399
critical
10.0
2008-07-07 CVE-2008-2810 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly identify the context of Windows shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy via a crafted web site for which the user has previously saved a shortcut.
network
mozilla CWE-264
6.8
2008-07-07 CVE-2008-2807 Information Exposure vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file.
network
low complexity
mozilla CWE-200
5.0
2008-07-07 CVE-2008-2805 Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range.
network
low complexity
mozilla CWE-20
5.0
2008-07-07 CVE-2008-2803 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons.
network
mozilla CWE-264
6.8
2008-07-07 CVE-2008-2802 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."
network
low complexity
mozilla CWE-264
7.5
2008-07-07 CVE-2008-2801 Improper Authentication vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly implement JAR signing, which allows remote attackers to execute arbitrary code via (1) injection of JavaScript into documents within a JAR archive or (2) a JAR archive that uses relative URLs to JavaScript files.
network
low complexity
mozilla CWE-287
7.5
2008-07-07 CVE-2008-2800 Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.
network
mozilla CWE-79
4.3