Vulnerabilities > Mozilla > Firefox > 3.0
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-08-04 | CVE-2008-3444 | Improper Input Validation vulnerability in Mozilla Firefox 3.0/3.0.1 | The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags." | 4.3 |
2008-07-17 | CVE-2008-3198 | Code Injection vulnerability in Mozilla Firefox 3.0 | Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. | 7.5 |
2008-07-17 | CVE-2008-2933 | Improper Input Validation vulnerability in Mozilla Firefox | Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '\|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540. | 2.6 |
2008-06-19 | CVE-2008-2786 | Buffer Errors vulnerability in Mozilla Firefox 2.0/3.0 | Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack vectors. | 10.0 |
2008-06-19 | CVE-2008-2785 | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird | Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. | 9.3 |
2008-04-30 | CVE-2008-2014 | Resource Management Errors vulnerability in Mozilla Firefox 3.0 | Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | 5.0 |
2008-01-19 | CVE-2008-0367 | Information Exposure vulnerability in Mozilla Firefox | Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks. | 5.0 |
2007-07-27 | CVE-2007-4041 | OS Command Injection vulnerability in multiple products | Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 and 3.0alpha allow remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a (1) mailto, (2) nntp, (3) news, (4) snews, or (5) telnet URI, a similar issue to CVE-2007-3670. | 6.8 |
2006-12-15 | CVE-2006-6585 | Remote Security vulnerability in Mozilla Firefox 2.0/3.0 | The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. | 6.4 |