Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2584 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-6167 | 1 Mozilla | 1 Firefox | 2014-02-18 | N/A |
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response. | ||||
CVE-2013-6901 | 2 Cybozu, Mozilla | 2 Garoon, Firefox | 2013-12-13 | N/A |
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2013-1729 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2013-10-04 | N/A |
The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA graphics drivers are used on Mac OS X, allows remote attackers to obtain desktop-screenshot data by reading from a CANVAS element. | ||||
CVE-2013-1727 | 2 Google, Mozilla | 2 Android, Firefox | 2013-10-04 | N/A |
Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by using a symlink in conjunction with a file: URL for a local file. | ||||
CVE-2013-1731 | 2 Google, Mozilla | 2 Android, Firefox | 2013-10-04 | N/A |
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory. | ||||
CVE-2013-0790 | 2 Google, Mozilla | 2 Android, Firefox | 2013-06-05 | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. | ||||
CVE-2013-0798 | 2 Google, Mozilla | 2 Android, Firefox | 2013-06-05 | N/A |
Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. | ||||
CVE-2012-3987 | 2 Google, Mozilla | 2 Android, Firefox | 2013-05-04 | N/A |
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | ||||
CVE-2012-3979 | 2 Google, Mozilla | 4 Android, Firefox, Firefox Esr and 1 more | 2013-03-26 | N/A |
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. | ||||
CVE-2012-4930 | 2 Google, Mozilla | 2 Chrome, Firefox | 2013-01-30 | N/A |
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. | ||||
CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2012-02-17 | N/A |
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | ||||
CVE-2011-0012 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2011-04-18 | N/A |
The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name. | ||||
CVE-2007-4013 | 2 Citrix, Mozilla | 3 Access Gateway, Endpoint Analysis Client, Firefox | 2011-03-08 | N/A |
Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679. | ||||
CVE-2006-6507 | 1 Mozilla | 1 Firefox | 2011-03-08 | N/A |
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. | ||||
CVE-2006-6506 | 1 Mozilla | 1 Firefox | 2011-03-08 | N/A |
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits. | ||||
CVE-2010-2792 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2011-01-11 | N/A |
Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket. | ||||
CVE-2010-2794 | 2 Mozilla, Redhat | 2 Firefox, Spice-xpi | 2010-09-08 | N/A |
The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file. | ||||
CVE-2009-2468 | 1 Mozilla | 1 Firefox | 2009-09-16 | N/A |
Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194. | ||||
CVE-2009-2665 | 1 Mozilla | 1 Firefox | 2009-09-04 | N/A |
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted web page, related to an incorrect security wrapper. | ||||
CVE-2009-2662 | 1 Mozilla | 1 Firefox | 2009-09-04 | N/A |
The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors. |