Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-0594

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-09 Feb, 2008 | 00:00
Updated At-07 Aug, 2024 | 07:54
Rejected At-
Credits

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:09 Feb, 2008 | 00:00
Updated At:07 Aug, 2024 | 07:54
Rejected At:
▼CVE Numbering Authority (CNA)

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/usn-576-1
vendor-advisory
x_refsource_UBUNTU
http://browser.netscape.com/releasenotes/
x_refsource_CONFIRM
http://secunia.com/advisories/28939
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1506
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/30620
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28865
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0453/references
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/28877
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28879
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/29567
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28958
third-party-advisory
x_refsource_SECUNIA
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
x_refsource_CONFIRM
http://secunia.com/advisories/30327
third-party-advisory
x_refsource_SECUNIA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
vendor-advisory
x_refsource_SUNALERT
http://www.debian.org/security/2008/dsa-1489
vendor-advisory
x_refsource_DEBIAN
http://www.securityfocus.com/archive/1/488002/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/487826/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/29086
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/28864
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1485
vendor-advisory
x_refsource_DEBIAN
http://secunia.com/advisories/28924
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/27683
vdb-entry
x_refsource_BID
http://www.vupen.com/english/advisories/2008/1793/references
vdb-entry
x_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
vendor-advisory
x_refsource_SUSE
http://www.securitytracker.com/id?1019342
vdb-entry
x_refsource_SECTRACK
http://www.mozilla.org/security/announce/2008/mfsa2008-11.html
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
vendor-advisory
x_refsource_FEDORA
http://wiki.rpath.com/Advisories:rPSA-2008-0051
x_refsource_CONFIRM
http://www.debian.org/security/2008/dsa-1484
vendor-advisory
x_refsource_DEBIAN
http://www.vupen.com/english/advisories/2008/0627/references
vdb-entry
x_refsource_VUPEN
https://bugzilla.mozilla.org/show_bug.cgi?id=408164
x_refsource_CONFIRM
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
vendor-advisory
x_refsource_GENTOO
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
vendor-advisory
x_refsource_FEDORA
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.ubuntu.com/usn/usn-576-1
Resource:
vendor-advisory
x_refsource_UBUNTU
Hyperlink: http://browser.netscape.com/releasenotes/
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/28939
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2008/dsa-1506
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/30620
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28865
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2008/0453/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/28877
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28879
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/29567
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28958
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/30327
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.debian.org/security/2008/dsa-1489
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/archive/1/488002/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/487826/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/29086
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/28864
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2008/dsa-1485
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://secunia.com/advisories/28924
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/27683
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.vupen.com/english/advisories/2008/1793/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.securitytracker.com/id?1019342
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.mozilla.org/security/announce/2008/mfsa2008-11.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0051
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2008/dsa-1484
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.vupen.com/english/advisories/2008/0627/references
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=408164
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Resource:
vendor-advisory
x_refsource_MANDRIVA
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.ubuntu.com/usn/usn-576-1
vendor-advisory
x_refsource_UBUNTU
x_transferred
http://browser.netscape.com/releasenotes/
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/28939
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2008/dsa-1506
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/30620
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28865
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2008/0453/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/28877
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28879
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/29567
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28958
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/30327
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.debian.org/security/2008/dsa-1489
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.securityfocus.com/archive/1/488002/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/487826/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/29086
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/28864
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2008/dsa-1485
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://secunia.com/advisories/28924
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/27683
vdb-entry
x_refsource_BID
x_transferred
http://www.vupen.com/english/advisories/2008/1793/references
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.securitytracker.com/id?1019342
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.mozilla.org/security/announce/2008/mfsa2008-11.html
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2008-0051
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2008/dsa-1484
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.vupen.com/english/advisories/2008/0627/references
vdb-entry
x_refsource_VUPEN
x_transferred
https://bugzilla.mozilla.org/show_bug.cgi?id=408164
x_refsource_CONFIRM
x_transferred
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.ubuntu.com/usn/usn-576-1
Resource:
vendor-advisory
x_refsource_UBUNTU
x_transferred
Hyperlink: http://browser.netscape.com/releasenotes/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/28939
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1506
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/30620
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28865
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0453/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/28877
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28879
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/29567
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28958
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/30327
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1489
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/488002/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/487826/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/29086
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/28864
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1485
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://secunia.com/advisories/28924
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/27683
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/1793/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.securitytracker.com/id?1019342
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2008/mfsa2008-11.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0051
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2008/dsa-1484
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/0627/references
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=408164
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:09 Feb, 2008 | 01:00
Updated At:15 Oct, 2018 | 22:01

Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches
Mozilla Corporation
mozilla
>>firefox>>Versions up to 2.0.0.11(inclusive)
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-02-12T00:00:00

Not vulnerable. This does not affect the versions of Firefox or SeaMonkey shipped in Red Hat Enterprise Linux.

References
HyperlinkSourceResource
http://browser.netscape.com/releasenotes/secalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/28864secalert@redhat.com
N/A
http://secunia.com/advisories/28865secalert@redhat.com
N/A
http://secunia.com/advisories/28877secalert@redhat.com
N/A
http://secunia.com/advisories/28879secalert@redhat.com
N/A
http://secunia.com/advisories/28924secalert@redhat.com
N/A
http://secunia.com/advisories/28939secalert@redhat.com
N/A
http://secunia.com/advisories/28958secalert@redhat.com
N/A
http://secunia.com/advisories/29086secalert@redhat.com
N/A
http://secunia.com/advisories/29567secalert@redhat.com
N/A
http://secunia.com/advisories/30327secalert@redhat.com
N/A
http://secunia.com/advisories/30620secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1secalert@redhat.com
N/A
http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.htmlsecalert@redhat.com
N/A
http://wiki.rpath.com/Advisories:rPSA-2008-0051secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1484secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1485secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1489secalert@redhat.com
N/A
http://www.debian.org/security/2008/dsa-1506secalert@redhat.com
N/A
http://www.gentoo.org/security/en/glsa/glsa-200805-18.xmlsecalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2008:048secalert@redhat.com
N/A
http://www.mozilla.org/security/announce/2008/mfsa2008-11.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/487826/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/488002/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/27683secalert@redhat.com
N/A
http://www.securitytracker.com/id?1019342secalert@redhat.com
N/A
http://www.ubuntu.com/usn/usn-576-1secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/0453/referencessecalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/0627/referencessecalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/1793/referencessecalert@redhat.com
N/A
https://bugzilla.mozilla.org/show_bug.cgi?id=408164secalert@redhat.com
Exploit
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.htmlsecalert@redhat.com
N/A
Hyperlink: http://browser.netscape.com/releasenotes/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28864
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28865
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28877
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28879
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28924
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28939
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28958
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29086
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29567
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30327
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30620
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2008-0051
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1484
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1485
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1489
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2008/dsa-1506
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2008:048
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mozilla.org/security/announce/2008/mfsa2008-11.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/487826/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/488002/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/27683
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1019342
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/usn-576-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0453/references
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0627/references
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1793/references
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=408164
Source: secalert@redhat.com
Resource:
Exploit
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

115Records found
CVE-2008-1238
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.24% / 90.52%
||
7 Day CHG~0.00%
Published-27 Mar, 2008 | 10:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxseamonkeyn/a
CWE ID-CWE-287
Improper Authentication
CVE-2008-0367
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.65% / 69.76%
||
7 Day CHG~0.00%
Published-18 Jan, 2008 | 23:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when prompting for HTTP Basic Authentication, displays the site requesting the authentication after the Realm text, which might make it easier for remote HTTP servers to conduct phishing and spoofing attacks.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-4357
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.56% / 67.22%
||
7 Day CHG~0.00%
Published-15 Aug, 2007 | 00:00
Updated-07 Aug, 2024 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof the contents of the status bar via a link to a data: URI containing an encoded URL. NOTE: the severity of this issue has been disputed by a reliable third party, since the intended functionality of the status bar allows it to be modified.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2018-5121
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.03% / 76.41%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 05:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Low descenders on some Tibetan characters in several fonts on OS X are clipped when rendered in the addressbar. When used as part of an Internationalized Domain Name (IDN) this can be used for domain name spoofing attacks. Note: This attack only affects OS X operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 58.

Action-Not Available
Vendor-Mozilla CorporationApple Inc.
Product-firefoxmac_os_xFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9072
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.92%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsFirefox
CWE ID-CWE-254
Not Available
CVE-2016-9065
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 57.95%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla CorporationGoogle LLC
Product-firefoxandroidFirefox
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1940
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 54.66%
||
7 Day CHG~0.00%
Published-31 Jan, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via a data: URL that is mishandled during (1) shortcut opening or (2) BOOKMARK intent processing.

Action-Not Available
Vendor-n/aGoogle LLCMozilla Corporation
Product-firefoxandroidn/a
CVE-2004-0763
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-17.69% / 94.85%
||
7 Day CHG~0.00%
Published-03 Aug, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-7197
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.74% / 71.93%
||
7 Day CHG~0.00%
Published-05 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CVE-2015-0816
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-85.37% / 99.32%
||
7 Day CHG~0.00%
Published-01 Apr, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxfirefox_esrthunderbirdn/a
CVE-2014-1539
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.84% / 73.74%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

Action-Not Available
Vendor-n/aMozilla CorporationApple Inc.
Product-firefoxmac_os_xthunderbirdn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2016-9902
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 60.58%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-enterprise_linux_serverenterprise_linux_server_eusfirefoxfirefox_esrenterprise_linux_server_ausenterprise_linux_workstationenterprise_linux_desktopFirefoxFirefox ESR
CWE ID-CWE-346
Origin Validation Error
CVE-2016-9073
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 73.92%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-06 Aug, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox
CWE ID-CWE-264
Not Available
CVE-2017-7765
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.35%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Mark of the Web" was not correctly saved on Windows when files with very long names were downloaded from the Internet. Without the Mark of the Web data, the security warning that Windows displays before running executables downloaded from the Internet is not shown. Note: This attack only affects Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.

Action-Not Available
Vendor-Mozilla CorporationMicrosoft Corporation
Product-firefoxwindowsthunderbirdfirefox_esrFirefoxFirefox ESRThunderbird
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7829
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.57% / 80.77%
||
7 Day CHG~0.00%
Published-11 Jun, 2018 | 21:00
Updated-05 Aug, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird < 52.5.2.

Action-Not Available
Vendor-Canonical Ltd.Red Hat, Inc.Mozilla CorporationDebian GNU/Linux
Product-enterprise_linux_serverubuntu_linuxthunderbirddebian_linuxenterprise_linux_workstationenterprise_linux_ausenterprise_linux_eusenterprise_linux_desktopThunderbird
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found