Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seamonkey
(Mozilla)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 705 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-03-27 | CVE-2008-1238 | Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms. | Firefox, Seamonkey | N/A | ||
| 2007-10-21 | CVE-2007-5339 | Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption or assert errors. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2007-10-21 | CVE-2007-5340 | Multiple vulnerabilities in the Javascript engine in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service (crash) via crafted HTML that triggers memory corruption. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2007-11-26 | CVE-2007-5960 | Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent. | Firefox, Seamonkey | N/A | ||
| 2008-02-08 | CVE-2008-0414 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." | Firefox, Seamonkey | N/A | ||
| 2008-11-13 | CVE-2008-5016 | The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5511 | Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document." | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5513 | Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data. | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A | ||
| 2009-03-05 | CVE-2009-0771 | The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2009-04-22 | CVE-2009-1308 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing. | Firefox, Seamonkey, Thunderbird | N/A |