Vulnerabilities > Mozilla > Firefox > 0.9.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-28 | CVE-2007-6589 | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | 4.3 |
2007-11-26 | CVE-2007-5959 | Remote Unspecified Memory Corruption vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. | 9.3 |
2007-11-14 | CVE-2007-5947 | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | 4.3 |
2007-10-24 | CVE-2007-5335 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | 4.3 |
2007-10-21 | CVE-2007-5338 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | 9.3 |
2007-10-21 | CVE-2007-5337 | Information Exposure vulnerability in multiple products Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | 4.3 |
2007-10-21 | CVE-2007-5334 | Configuration vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. | 4.3 |
2007-10-12 | CVE-2007-5414 | Cross-Site Scripting vulnerability in Mozilla Firefox Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415. | 2.6 |
2007-09-24 | CVE-2007-5045 | Code Injection vulnerability in multiple products Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. | 9.3 |
2007-09-13 | CVE-2007-4879 | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | 5.0 |