Vulnerabilities > Mozilla > Firefox > 1.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-27 | CVE-2008-1234 | Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers." | 4.3 |
2008-03-27 | CVE-2008-1233 | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution." | 6.8 |
2008-02-12 | CVE-2008-0420 | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read. | 9.3 |
2008-02-09 | CVE-2008-0594 | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. | 5.0 |
2008-02-09 | CVE-2008-0593 | Information Exposure vulnerability in Mozilla Firefox and Seamonkey Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. | 4.3 |
2008-02-09 | CVE-2008-0592 | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11 Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future plain text files within the browser. network mozilla | 4.3 |
2008-02-09 | CVE-2008-0591 | Unspecified vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the window focus, aka the "dialog refocus bug" or "ffclick2". network mozilla | 4.3 |
2008-02-08 | CVE-2008-0419 | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. | 9.3 |
2008-02-08 | CVE-2008-0418 | Path Traversal vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | 4.3 |
2008-02-08 | CVE-2008-0417 | Code Injection vulnerability in Mozilla Firefox CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | 4.3 |