Mozilla

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-3072 1Mozilla 1Firefox Apr 23, 2026 Jun 6, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on Windows allows remote attackers to read arbitrary files via ..%5C (dot dot encoded backslash) sequences in a resource:// URI.
CVE-2007-2871 1Mozilla 2Firefox Seamonkey Apr 23, 2026 Jun 1, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the bro...Show more Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks.Show less
CVE-2007-2870 1Mozilla 2Firefox Seamonkey Apr 23, 2026 Jun 1, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the...Show more Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site.Show less
CVE-2007-2869 1Mozilla 1Firefox Apr 23, 2026 Jun 1, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a...Show more The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form.Show less
CVE-2007-2868 1Mozilla 3Firefox SeamonkeyThunderbird Apr 23, 2026 Jun 1, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote att...Show more Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.Show less
CVE-2007-2867 1Mozilla 3Firefox SeamonkeyThunderbird Apr 23, 2026 Jun 1, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attacke...Show more Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.Show less
CVE-2007-1362 1Mozilla 2Firefox Seamonkey Apr 23, 2026 Jun 1, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption,...Show more Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies."Show less
CVE-2007-2671 1Mozilla 1Firefox Apr 23, 2026 May 14, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of service (application crash) via a long hostname in an HREF attribute in an A element, which triggers an out-of-bounds memory access.
CVE-2007-2292 2Microsoft Mozilla 3Firefox Internet ExplorerSeamonkey Apr 23, 2026 Apr 26, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the...Show more CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows remote attackers to conduct HTTP request splitting attacks via LF (%0a) bytes in the username attribute.Show less
CVE-2007-2176 1Mozilla 1Firefox Apr 23, 2026 Apr 24, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
CVE-2007-2162 2Gnu Mozilla 2Firefox Iceweasel Apr 23, 2026 Apr 22, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demo...Show more (1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.Show less
CVE-2007-1970 1Mozilla 1Firefox Apr 23, 2026 Apr 11, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and...Show more Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.Show less
CVE-2007-1794 1Mozilla 1Mozilla Apr 23, 2026 Apr 2, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that...Show more The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.Show less
CVE-2007-1762 1Mozilla 1Firefox Apr 23, 2026 Mar 30, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters i...Show more Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs before checking them against the phishing site blacklist, which allows remote attackers to bypass phishing protection via multiple / (slash) characters in the URL.Show less
CVE-2007-1736 1Mozilla 1Firefox Apr 23, 2026 Mar 28, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.
CVE-2007-1562 2Canonical Mozilla 2Firefox Ubuntu Linux Apr 23, 2026 Mar 21, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive informat...Show more The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and 2.x before 2.0.0.3 allows remote attackers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.Show less
CVE-2007-1377 4Adobe MozillaNetscape+1 more 4Acrobat Reader FirefoxNavigator+1 more Apr 23, 2026 Mar 10, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier th...Show more AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, Netscape, or Opera, allows remote attackers to cause a denial of service (unspecified resource consumption) via a .pdf URL with an anchor identifier that begins with search= followed by many %n sequences, a different vulnerability than CVE-2006-6027 and CVE-2006-6236.Show less
CVE-2007-1282 1Mozilla 2Seamonkey Thunderbird Apr 23, 2026 Mar 6, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail mess...Show more Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.Show less
CVE-2007-0994 2Debian Mozilla 3Debian Linux FirefoxSeamonkey Apr 23, 2026 Mar 6, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail...Show more A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.Show less
CVE-2007-1256 1Mozilla 1Firefox Apr 23, 2026 Mar 3, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload a...Show more Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.Show less

Previous 1...160161162...179 Next