Vulnerabilities > Mozilla > Firefox > 2.0.0.7

DATE CVE VULNERABILITY TITLE RISK
2009-03-05 CVE-2009-0772 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
network
mozilla CWE-399
critical
9.3
2009-02-20 CVE-2009-0652 Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233.
network
mozilla
5.8
2009-02-04 CVE-2009-0357 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism.
network
low complexity
mozilla CWE-264
5.0
2009-02-04 CVE-2009-0355 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
network
high complexity
mozilla CWE-264
5.4
2008-12-17 CVE-2008-5512 Permissions, Privileges, and Access Controls vulnerability in multiple products
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers."
6.8
2008-12-17 CVE-2008-5510 Remote vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey
The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.
network
low complexity
mozilla canonical debian
5.0
2008-12-17 CVE-2008-5508 Improper Input Validation vulnerability in multiple products
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.
4.3
2008-12-17 CVE-2008-5507 Information Exposure vulnerability in multiple products
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.
6.0
2008-12-17 CVE-2008-5506 Permissions, Privileges, and Access Controls vulnerability in multiple products
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
6.8
2008-12-17 CVE-2008-5505 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.
network
low complexity
mozilla CWE-264
5.0