Vulnerabilities > Mozilla > Firefox > 2.0.0.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-08 | CVE-2008-0418 | Path Traversal vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated by stealing session information from sessionstore.js. | 4.3 |
| 2008-02-08 | CVE-2008-0417 | Code Injection vulnerability in Mozilla Firefox CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | 4.3 |
| 2008-01-19 | CVE-2008-0367 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | 5.0 |
| 2007-12-28 | CVE-2007-6589 | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | 4.3 |
| 2007-11-26 | CVE-2007-5959 | Remote Unspecified Memory Corruption vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption. | 9.3 |
| 2007-11-14 | CVE-2007-5947 | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | 4.3 |
| 2007-11-08 | CVE-2007-5896 | Resource Management Errors vulnerability in Mozilla Firefox 2.0.0.9 Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI. | 7.1 |
| 2007-09-13 | CVE-2007-4879 | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | 5.0 |