CVSS: 8.2EPSS: 14%CPEs: 30EXPL: 0CVE-2007-1084
https://notcve.org/view.php?id=CVE-2007-1084
23 Feb 2007 — Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page. Mozilla Firefox versión 2.0.0.1 y anteriores, no sugiere a los usuarios antes de guardar un bookmarklets, lo que permite a los atacantes remotos omitir la política del mismo dominio engañando a un usuario para que guarde un bookmarkle... • http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0490.html • CWE-16: Configuration •
CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2007-1004
https://notcve.org/view.php?id=CVE-2007-1004
19 Feb 2007 — Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. Mozilla Firefox podría permitir a los atacantes remotos conducir ataques de suplantación y falsificación de identidad al escribir en una pestaña about:blank y sobreponer la barra de ubicación. • http://osvdb.org/33255 •
CVSS: 7.5EPSS: 96%CPEs: 51EXPL: 2CVE-2007-0981 – Mozilla Firefox 2.0.0.1 - 'location.hostname' Cross-Domain
https://notcve.org/view.php?id=CVE-2007-0981
16 Feb 2007 — Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code. Una vulnerabilidad en los navegadores basados ??en Mozilla, incluidos Firefox anterior a versión 1.5.0.10 y versión 2.x anterior a 2.0.0.2, y SeaMonkey anterior a versión 1.0.8... • https://www.exploit-db.com/exploits/3340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2006-6971
https://notcve.org/view.php?id=CVE-2006-6971
07 Feb 2007 — Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter. Mozilla Firefox 2.0, posiblemente sólo cuando se ejecuta bajo Windows, permite a atacantes remotos evitar el mecanismo de Phishing mediante la representación de una dirección IP en l... • http://sla.ckers.org/forum/read.php?13%2C2253 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-0801
https://notcve.org/view.php?id=CVE-2007-0801
07 Feb 2007 — The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest. La función nsExternalAppHandler::SetUpTempFile del Mozilla Firefox 1.5.0.9 crea ficheros temporales con nombres de ficheros predecibles basados en la fecha de creación, lo que permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección... • http://secunia.com/advisories/24393 •
CVSS: 6.1EPSS: 45%CPEs: 1EXPL: 1CVE-2007-0800
https://notcve.org/view.php?id=CVE-2007-0800
07 Feb 2007 — Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocked popup. Vulnerabilidad de cruce de sitios en Mozilla Firefox 1.5.0.9 considera que las ventanas emergentes bloqueadas tienen un origen de zona interno, lo cual permite a usuarios remotos con la complicidad del usuario cruzar restricciones de zona y leer URIs ti... • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 1CVE-2007-0802
https://notcve.org/view.php?id=CVE-2007-0802
07 Feb 2007 — Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing Protection mechanism by adding certain characters to the end of the domain name, as demonstrated by the "." and "/" characters, which is not caught by the Phishing List blacklist filter. Mozilla Firefox 2.0.0.1 permite a atacantes remotos evitar el mecanismo de Protección de Phising añadiendo caracteres concretos al final del nombre de dominio, como se demuestra con los caractere "." y "/", que no se capturan por el filtro de lista negra... • http://archives.neohapsis.com/archives/fulldisclosure/2007-04/0516.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 78%CPEs: 48EXPL: 0CVE-2006-6498
https://notcve.org/view.php?id=CVE-2006-6498
20 Dec 2006 — Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. Múltiples vulnerabilidades en el motor de JavaScript para Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunde... • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc •
CVSS: 9.1EPSS: 52%CPEs: 9EXPL: 0CVE-2006-6501
https://notcve.org/view.php?id=CVE-2006-6501
20 Dec 2006 — Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. Vulnerabilidad no especificada en Mozilla Firefox 2.x anterior a 2.0.0.1, 1.5.x anterior a 1.5.0.9, Thunderbird anterior a 1.5.0.9, y SeaMonkey anterior a 1.0.7 permite a atacantes remotos obtener privilegios e instalar código malicioso mediante la función watch de... • ftp://patches.sgi.com/support/free/security/advisories/20061202-01-P.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 9%CPEs: 1EXPL: 0CVE-2006-6507
https://notcve.org/view.php?id=CVE-2006-6507
20 Dec 2006 — Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. Mozilla Firefox 2.0 anterior a 2.0.0.1 permite a atacantes remotos evitar la protección de secuencias de comandos en sitios cruzados (XSS) mediante vectores relacionados con un error de regresión de Function.prototype. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742 •