Vulnerabilities > Mozilla > Seamonkey > 1.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-28 | CVE-2007-6589 | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a different vulnerability than CVE-2007-5947. | 4.3 |
| 2007-11-14 | CVE-2007-5947 | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 retrieves the inner URL regardless of its MIME type, and considers HTML documents within a jar archive to have the same origin as the inner URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI. | 4.3 |
| 2007-10-21 | CVE-2007-5338 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed. | 9.3 |
| 2007-10-21 | CVE-2007-5337 | Information Exposure vulnerability in multiple products Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs with (1) smb: or (2) sftp: schemes that access other files from the server. | 4.3 |
| 2007-10-21 | CVE-2007-5334 | Configuration vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute. | 4.3 |
| 2007-09-13 | CVE-2007-4879 | Remote vulnerability in Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, can automatically install TLS client certificates with minimal user interaction, and automatically sends these certificates when requested, which makes it easier for remote web sites to track user activities across domains by requesting the TLS client certificates from other domains. | 5.0 |
| 2007-09-12 | CVE-2007-4841 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845. | 9.3 |
| 2007-04-26 | CVE-2007-2292 | Improper Input Validation vulnerability in multiple products CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute. | 4.3 |
| 2007-02-26 | CVE-2007-1095 | Unspecified vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. network mozilla | 6.8 |
| 2006-12-20 | CVE-2006-6497 | Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. network mozilla | 6.8 |