Vulnerabilities > Mozilla > Firefox > 2.0.0.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-21 | CVE-2007-5334 | Configuration vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. | 4.3 |
| 2007-09-24 | CVE-2007-5045 | Code Injection vulnerability in multiple products Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. | 9.3 |
| 2007-09-13 | CVE-2007-4879 | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | 5.0 |
| 2007-09-12 | CVE-2007-4841 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. | 9.3 |
| 2007-08-15 | CVE-2007-4357 | Remote Security vulnerability in Firefox Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. | 5.0 |
| 2007-07-27 | CVE-2007-4038 | Code Injection vulnerability in Mozilla Firefox and Thunderbird Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking Thunderbird.exe, a similar issue to CVE-2007-3670. | 4.3 |
| 2007-07-18 | CVE-2007-3738 | Remote vulnerability in Mozilla Firefox 2.0.0.4 Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. | 9.3 |
| 2007-07-18 | CVE-2007-3737 | Remote vulnerability in Mozilla Firefox 2.0.0.4 Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." | 9.3 |
| 2007-07-18 | CVE-2007-3736 | Remote vulnerability in Mozilla Firefox 2.0.0.4 Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the (1) addEventListener or (2) setTimeout function, probably by setting events that activate after the context has changed. network mozilla | 4.3 |
| 2007-07-18 | CVE-2007-3735 | Remote vulnerability in Mozilla Firefox and Thunderbird Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 2.0.0.5 and Thunderbird before 2.0.0.5 allow remote attackers to cause a denial of service (crash) via unspecified vectors that trigger memory corruption. | 9.3 |