Vulnerabilities > Mozilla > Firefox > 2.0.0.7

DATE CVE VULNERABILITY TITLE RISK
2008-06-19 CVE-2008-2785 Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349.
network
mozilla CWE-189
critical
9.3
2008-03-28 CVE-2008-1240 Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12
LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 does not properly parse the content origin for jar: URIs before sending them to the Java plugin, which allows remote attackers to access arbitrary ports on the local machine.
network
low complexity
mozilla
5.0
2008-03-27 CVE-2008-1241 Link Following vulnerability in Mozilla Firefox and Seamonkey
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab.
network
mozilla CWE-59
4.3
2008-03-27 CVE-2008-1237 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.
network
mozilla CWE-399
6.8
2008-03-27 CVE-2008-1236 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to the layout engine.
network
mozilla CWE-399
6.8
2008-03-27 CVE-2008-1235 Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."
network
mozilla
critical
9.3
2008-03-27 CVE-2008-1234 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."
network
mozilla CWE-79
4.3
2008-03-27 CVE-2008-1233 Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via "XPCNativeWrapper pollution."
network
mozilla CWE-94
6.8
2008-02-12 CVE-2008-0420 Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 does not properly perform certain calculations related to the mColors table, which allows remote attackers to read portions of memory uninitialized via a crafted 8-bit bitmap (BMP) file that triggers an out-of-bounds read within the heap, as demonstrated using a CANVAS element; or cause a denial of service (application crash) via a crafted 8-bit bitmap file that triggers an out-of-bounds read.
network
mozilla CWE-200
critical
9.3
2008-02-09 CVE-2008-0594 Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.11
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
network
low complexity
mozilla
5.0