Vulnerabilities > Mozilla > Firefox > 2.0.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-01 | CVE-2007-2868 | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. | 9.3 |
| 2007-06-01 | CVE-2007-2867 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. | 9.3 |
| 2007-06-01 | CVE-2007-1362 | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." | 4.3 |
| 2007-04-26 | CVE-2007-2292 | Improper Input Validation vulnerability in multiple products CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. | 4.3 |
| 2007-03-30 | CVE-2007-1762 | Security Bypass vulnerability in Mozilla Firefox 2.0.0.1/2.0.0.2/2.0.0.3 Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL. | 5.0 |
| 2007-03-21 | CVE-2007-1562 | Information Exposure vulnerability in multiple products The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response. | 6.8 |
| 2007-03-06 | CVE-2007-0994 | Code Injection vulnerability in multiple products A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges. | 6.8 |
| 2007-03-03 | CVE-2007-1256 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox 2.0/2.0.0.1/2.0.0.2 Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092. | 6.8 |
| 2007-02-27 | CVE-2007-0996 | Remote vulnerability in Mozilla Thunderbird/SeaMonkey/Firefox The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. network mozilla | 5.8 |
| 2007-02-26 | CVE-2007-0780 | Cross-Site Scripting vulnerability in multiple products browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | 6.8 |