Vulnerabilities > Mozilla > Firefox > 2.0.0.7

DATE CVE VULNERABILITY TITLE RISK
2007-10-29 CVE-2007-5691 Improper Input Validation vulnerability in Mozilla Firefox 2.0.0.7
ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers to cause a denial of service (application crash) via a crafted reply to an unspecified listing command, related to "reading from invalid pointer."
network
mozilla CWE-20
4.3
2007-10-24 CVE-2007-5335 Information Exposure vulnerability in Mozilla Firefox
Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs.
network
mozilla CWE-200
4.3
2007-10-21 CVE-2007-5338 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed.
network
mozilla CWE-264
critical
9.3
2007-10-21 CVE-2007-5337 Information Exposure vulnerability in multiple products
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server.
4.3
2007-10-21 CVE-2007-5334 Configuration vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute.
network
mozilla CWE-16
4.3
2007-09-13 CVE-2007-4879 Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12
Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains.
network
low complexity
mozilla
5.0
2007-09-12 CVE-2007-4841 Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
network
mozilla CWE-20
critical
9.3
2007-04-26 CVE-2007-2292 Improper Input Validation vulnerability in multiple products
CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.
4.3
2007-02-26 CVE-2007-1095 Unspecified vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.
network
mozilla
6.8
2006-06-07 CVE-2006-2894 Improper Input Validation vulnerability in multiple products
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
network
high complexity
mozilla netscape CWE-20
4.0