Vulnerabilities > Mozilla > Firefox > 1.5.0.12
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-24 | CVE-2007-5335 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs. | 4.3 |
| 2007-10-21 | CVE-2007-5338 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | 9.3 |
| 2007-10-21 | CVE-2007-5337 | Information Exposure vulnerability in multiple products Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | 4.3 |
| 2007-10-21 | CVE-2007-5334 | Configuration vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. | 4.3 |
| 2007-10-12 | CVE-2007-5414 | Cross-Site Scripting vulnerability in Mozilla Firefox Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415. | 2.6 |
| 2007-09-24 | CVE-2007-5045 | Code Injection vulnerability in multiple products Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. | 9.3 |
| 2007-09-13 | CVE-2007-4879 | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | 5.0 |
| 2007-09-12 | CVE-2007-4841 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. | 9.3 |
| 2007-08-15 | CVE-2007-4357 | Remote Security vulnerability in Firefox Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. | 5.0 |
| 2007-07-27 | CVE-2007-4038 | Code Injection vulnerability in Mozilla Firefox and Thunderbird Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | 4.3 |