Mozilla Firefox 130.0.1

CPE Details

Mozilla Firefox 130.0.1
130.0.1
2024-10-16
17h59 +00:00
2024-10-16
18h01 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:mozilla:firefox:130.0.1:*:*:*:-:*:*:*

Informations

Vendor

mozilla

Product

firefox

Version

130.0.1

Software Edition

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-27424 2025-03-04 13h31 +00:00 Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page This vulnerability affects Firefox for iOS < 136.
4.3
Medium
CVE-2025-1942 2025-03-04 13h31 +00:00 When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result string This vulnerability affects Firefox < 136 and Thunderbird < 136.
9.8
Critical
CVE-2025-1941 2025-03-04 13h31 +00:00 Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed (distinct from CVE-2025-0245). This vulnerability affects Firefox < 136.
9.1
Critical
CVE-2025-1932 2025-03-04 13h31 +00:00 An inconsistent comparator in xslt/txNodeSorter could have resulted in potentially exploitable out-of-bounds access. Only affected version 122 and later. This vulnerability affects Firefox < 136, Firefox ESR < 128.8, Thunderbird < 136, and Thunderbird < 128.8.
8.1
High
CVE-2025-1414 2025-02-18 13h39 +00:00 Memory safety bugs present in Firefox 135. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135.0.1.
6.5
Medium
CVE-2025-1020 2025-02-04 13h58 +00:00 Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135 and Thunderbird < 135.
9.8
Critical
CVE-2025-1017 2025-02-04 13h58 +00:00 Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8
Critical
CVE-2025-1016 2025-02-04 13h58 +00:00 Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8
Critical
CVE-2025-1014 2025-02-04 13h58 +00:00 Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
8.8
High
CVE-2025-1019 2025-02-04 13h58 +00:00 The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
4.3
Medium
CVE-2025-1012 2025-02-04 13h58 +00:00 A race during concurrent delazification could have led to a use-after-free. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8
Critical
CVE-2025-1011 2025-02-04 13h58 +00:00 A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8
Critical
CVE-2025-1018 2025-02-04 13h58 +00:00 The fullscreen notification is prematurely hidden when fullscreen is re-requested quickly by the user. This could have been leveraged to perform a potential spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135.
7.3
High
CVE-2025-1010 2025-02-04 13h58 +00:00 An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8
Critical
CVE-2025-1009 2025-02-04 13h58 +00:00 An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135.
9.8
Critical
CVE-2024-10468 2024-10-29 12h19 +00:00 Potential race conditions in IndexedDB could have caused memory corruption, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132 and Thunderbird < 132.
9.8
Critical
CVE-2024-10467 2024-10-29 12h19 +00:00 Memory safety bugs present in Firefox 131, Firefox ESR 128.3, and Thunderbird 128.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
9.8
Critical
CVE-2024-10466 2024-10-29 12h19 +00:00 By sending a specially crafted push message, a remote server could have hung the parent process, causing the browser to become unresponsive. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
7.5
High
CVE-2024-10465 2024-10-29 12h19 +00:00 A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
7.5
High
CVE-2024-10464 2024-10-29 12h19 +00:00 Repeated writes to history interface attributes could have been used to cause a Denial of Service condition in the browser. This was addressed by introducing rate-limiting to this API. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
7.5
High
CVE-2024-10463 2024-10-29 12h19 +00:00 Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
7.5
High
CVE-2024-10462 2024-10-29 12h19 +00:00 Truncation of a long URL could have allowed origin spoofing in a permission prompt. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
7.5
High
CVE-2024-10461 2024-10-29 12h19 +00:00 In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
6.1
Medium
CVE-2024-10460 2024-10-29 12h19 +00:00 The origin of an external protocol handler prompt could have been obscured using a data: URL within an `iframe`. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Thunderbird < 128.4, and Thunderbird < 132.
5.4
Medium
CVE-2024-10459 2024-10-29 12h19 +00:00 An attacker could have caused a use-after-free when accessibility was enabled, leading to a potentially exploitable crash. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
7.5
High
CVE-2024-10458 2024-10-29 12h19 +00:00 A permission leak could have occurred from a trusted site to an untrusted site via `embed` or `object` elements. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firefox ESR < 115.17, Thunderbird < 128.4, and Thunderbird < 132.
7.5
High
CVE-2024-9936 2024-10-14 13h41 +00:00 When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
6.5
Medium
CVE-2024-9680 2024-10-09 12h59 +00:00 An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.
9.8
Critical
CVE-2024-9403 2024-10-01 15h13 +00:00 Memory safety bugs present in Firefox 130. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 131 and Thunderbird < 131.
7.3
High
CVE-2024-9399 2024-10-01 15h13 +00:00 A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
7.5
High
CVE-2024-9398 2024-10-01 15h13 +00:00 By checking the result of calls to `window.open` with specifically set protocol handlers, an attacker could determine if the application which implements that protocol handler is installed. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
5.3
Medium
CVE-2024-9397 2024-10-01 15h13 +00:00 A missing delay in directory upload UI could have made it possible for an attacker to trick a user into granting permission via clickjacking. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Thunderbird < 128.3, and Thunderbird < 131.
6.1
Medium
CVE-2024-9394 2024-10-01 15h13 +00:00 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://devtools` origin. This could allow them to access cross-origin JSON content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
7.5
High
CVE-2024-9393 2024-10-01 15h13 +00:00 An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the `resource://pdf.js` origin. This could allow them to access cross-origin PDF content. This access is limited to "same site" documents by the Site Isolation feature on desktop clients, but full cross-origin access is possible on Android versions. This vulnerability affects Firefox < 131, Firefox ESR < 128.3, Firefox ESR < 115.16, Thunderbird < 128.3, and Thunderbird < 131.
7.5
High
CVE-2016-7152 2016-09-06 08h00 +00:00 The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
5.3
Medium
CVE-2016-7153 2016-09-06 08h00 +00:00 The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack.
5.3
Medium
CVE-2013-6853 2014-01-26 00h00 +00:00 Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
4.3
CVE-2014-0387 2014-01-15 00h33 +00:00 Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
7.6
CVE-2013-6901 2013-12-05 10h00 +00:00 Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
CVE-2013-6903 2013-12-05 10h00 +00:00 Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
CVE-2013-6904 2013-12-05 10h00 +00:00 Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
CVE-2013-6905 2013-12-05 10h00 +00:00 Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
CVE-2013-6911 2013-12-05 10h00 +00:00 Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3.5
CVE-2013-1489 2013-01-31 13h10 +00:00 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
10
CVE-2012-4929 2012-09-15 16h00 +00:00 The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
2.6
CVE-2012-4930 2012-09-15 16h00 +00:00 The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google Chrome, and other products, can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
2.6
CVE-2011-3384 2011-09-08 18h00 +00:00 Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102.
4.3
CVE-2011-0341 2011-05-13 15h00 +00:00 Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.
9.3
CVE-2011-0012 2011-04-18 17h00 +00:00 The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows local users to overwrite arbitrary files via a symlink attack on the usbrdrctl log file, which has a predictable name.
3.3
CVE-2011-1179 2011-04-18 15h00 +00:00 The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) plugin/nsScriptablePeer.cpp and (2) plugin/plugin.cpp, which trigger multiple uses of an uninitialized pointer.
5.1
CVE-2011-0064 2011-03-07 19h00 +00:00 The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via crafted OpenType font data that triggers use of an incorrect index.
6.8
CVE-2010-2792 2010-08-30 17h00 +00:00 Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to obtain sensitive information, and conduct man-in-the-middle attacks, by providing a UNIX socket for communication between this plug-in and the client (aka qspice-client) in qspice 0.3.0, and then accessing this socket.
3.3
CVE-2010-2794 2010-08-30 17h00 +00:00 The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file.
3.3
CVE-2009-4630 2010-01-29 18h00 +00:00 Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case."
5
CVE-2009-4129 2009-12-14 16h00 +00:00 Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
5.8
CVE-2009-4130 2009-12-14 16h00 +00:00 Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
5.8
CVE-2009-4127 2009-12-02 19h00 +00:00 Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
9.3
CVE-2009-4100 2009-11-28 10h00 +00:00 Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
9.3
CVE-2009-4101 2009-11-28 10h00 +00:00 infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
9.3
CVE-2009-4102 2009-11-28 10h00 +00:00 Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
9.3
CVE-2009-3478 2009-09-29 23h00 +00:00 Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe.
6
CVE-2009-2404 2009-08-03 12h00 +00:00 Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
9.3
CVE-2009-2469 2009-07-22 16h00 +00:00 Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.
10
CVE-2009-2011 2009-06-16 18h26 +00:00 Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
9.3
CVE-2009-1597 2009-05-11 13h19 +00:00 Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."
9.3
CVE-2009-0068 2009-01-07 18h00 +00:00 Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
6.8
CVE-2008-5697 2008-12-22 14h00 +00:00 The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
4.3
CVE-2008-4821 2008-11-10 10h00 +00:00 Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is used, does not properly interpret jar: URLs, which allows attackers to obtain sensitive information via unknown vectors.
4.3
CVE-2008-4059 2008-09-24 16h00 +00:00 The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
7.5
CVE-2008-2399 2008-05-22 08h00 +00:00 Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
9.3
CVE-2007-6715 2008-04-17 20h00 +00:00 Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
4.3
CVE-2003-1492 2007-10-24 21h00 +00:00 Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.
5
CVE-2007-5274 2007-10-08 21h00 +00:00 Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.
2.6
CVE-2007-4013 2007-07-25 23h00 +00:00 Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gateway Standard Edition before 4.5.5 and Advanced Edition before 4.5 HF1 have unknown impact and attack vectors, possibly related to buffer overflows. NOTE: vector 3 might overlap CVE-2007-3679.
9.3
CVE-2007-3827 2007-07-17 19h00 +00:00 Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript: window.
5
CVE-2007-3670 2007-07-10 17h00 +00:00 Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
4.3
CVE-2007-2176 2007-04-24 14h00 +00:00 Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
10
CVE-2007-1970 2007-04-11 08h00 +00:00 Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.
5
CVE-2007-0896 2007-02-13 10h00 +00:00 Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "