You are currently viewing a snapshot of taken on April 21, 2008. Most of this content is highly out of date (some pages haven't been updated since the project began in 1998) and exists for historical purposes only. If there are any pages on this archive site that you think should be added back to, please file a bug.

Mozilla Foundation Security Advisories

This page indexes security advisories issued by the Mozilla Foundation for all products. Please see the Known Vulnerabilities page for a breakdown by product and version.

Impact key:
  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to interact gather sensitive data from other sites the user is visiting or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

April 16, 2008

MFSA 2008-20 Crash in JavaScript garbage collector

March 25, 2008

MFSA 2008-19 XUL popup spoofing variant (cross-tab popups)
MFSA 2008-18 Java socket connection to any local port via LiveConnect
MFSA 2008-17 Privacy issue with SSL Client Authentication
MFSA 2008-16 HTTP Referrer spoofing with malformed URLs
MFSA 2008-15 Crashes with evidence of memory corruption (rv:
MFSA 2008-14 JavaScript privilege escalation and arbitrary code execution
MFSA 2008-13 Multiple XSS vulnerabilities from character encoding

February 26, 2008

MFSA 2008-12 Heap buffer overflow in external MIME bodies

February 19, 2008

MFSA 2008-07 Possible information disclosure in BMP decoder

February 7, 2008

MFSA 2008-11 Web forgery overwrite with div overlay
MFSA 2008-10 URL token stealing via stylesheet redirect
MFSA 2008-09 Mishandling of locally-saved plain text files
MFSA 2008-08 File action dialog tampering
MFSA 2008-06 Web browsing history and forward navigation stealing
MFSA 2008-05 Directory traversal via chrome: URI
MFSA 2008-04 Stored password corruption
MFSA 2008-03 Privilege escalation, XSS, Remote Code Execution
MFSA 2008-02 Multiple file input focus stealing vulnerabilities
MFSA 2008-01 Crashes with evidence of memory corruption (rv:

December 19, 2007

MFSA 2007-40 Updated Thunderbird missing fix for MFSA 2007-23

November 26, 2007

MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:
MFSA 2007-37 jar: URI scheme XSS hazard

October 18, 2007

MFSA 2007-36 URIs with invalid %-encoding mishandled by Windows
MFSA 2007-35 XPCNativeWrapper pollution using Script object
MFSA 2007-34 Possible file stealing through sftp protocol
MFSA 2007-33 XUL pages can hide the window titlebar
MFSA 2007-32 File input focus stealing vulnerability
MFSA 2007-31 Browser digest authentication request splitting
MFSA 2007-30 onUnload Tailgating
MFSA 2007-29 Crashes with evidence of memory corruption (rv:

September 18, 2007

MFSA 2007-28 Code execution via QuickTime Media-link files

July 30, 2007

MFSA 2007-27 Unescaped URIs passed to external programs
MFSA 2007-26 Privilege escalation through chrome-loaded about:blank windows

July 17, 2007

MFSA 2007-25 XPCNativeWrapper pollution
MFSA 2007-24 Unauthorized access to wyciwyg:// documents
MFSA 2007-23 Remote code execution by launching Firefox from Internet Explorer
MFSA 2007-22 File type confusion due to %00 in name
MFSA 2007-21 Privilege escallation using an event handler attached to an element not in the document
MFSA 2007-20 Frame spoofing while window is loading
MFSA 2007-19 XSS using addEventListener and setTimeout
MFSA 2007-18 Crashes with evidence of memory corruption (rv:

May 30, 2007

MFSA 2007-17 XUL Popup Spoofing
MFSA 2007-16 XSS using addEventListener
MFSA 2007-15 Security Vulnerability in APOP Authentication
MFSA 2007-14 Path Abuse in Cookies
MFSA 2007-13 Persistent Autocomplete Denial of Service
MFSA 2007-12 Crashes with evidence of memory corruption (rv:

March 20, 2007

MFSA 2007-11 FTP PASV port-scanning

March 5, 2007

MFSA 2007-10 Potential integer overflow with text/enhanced mail
MFSA 2007-09 Privilege escalation by setting img.src to javascript: URI

February 25, 2007

MFSA 2007-08 onUnload + document.write() memory corruption

February 23, 2007

MFSA 2007-07 Embedded nulls in location.hostname confuse same-domain checks
MFSA 2007-06 Mozilla Network Security Services (NSS) SSLv2 buffer overflow
MFSA 2007-05 XSS and local file access by opening blocked popups
MFSA 2007-04 Spoofing using custom cursor and CSS3 hotspot
MFSA 2007-03 Information disclosure through cache collisions
MFSA 2007-02 Improvements to help protect against Cross-Site Scripting attacks
MFSA 2007-01 Crashes with evidence of memory corruption (rv:

December 19, 2006

MFSA 2006-76 XSS using outer window's Function object
MFSA 2006-75 RSS Feed-preview referrer leak
MFSA 2006-74 Mail header processing heap overflows
MFSA 2006-73 Mozilla SVG Processing Remote Code Execution
MFSA 2006-72 XSS by setting img.src to javascript: URI
MFSA 2006-71 LiveConnect crash finalizing JS objects
MFSA 2006-70 Privilege escalation using watch point
MFSA 2006-69 CSS cursor image buffer overflow (Windows only)
MFSA 2006-68 Crashes with evidence of memory corruption (rv:

November 7, 2006

MFSA 2006-67 Running Script can be recompiled
MFSA 2006-66 RSA signature forgery (variant)
MFSA 2006-65 Crashes with evidence of memory corruption (rv:

September 14, 2006

MFSA 2006-64 Crashes with evidence of memory corruption (rv:
MFSA 2006-63 JavaScript execution in mail via XBL
MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
MFSA 2006-61 Frame spoofing using
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption

July 26, 2006

MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using
MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-49 Heap buffer overwrite on malformed VCard
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference

June 1, 2006

MFSA 2006-43 Privilege escalation using addSelectionListener
MFSA 2006-42 Web site XSS using BOM on UTF-8 pages
MFSA 2006-41 File stealing by changing input type (variant)
MFSA 2006-40 Double-free on malformed VCard
MFSA 2006-39 "View Image" local resource linking (Windows)
MFSA 2006-38 Buffer overflow in crypto.signText()
MFSA 2006-37 Remote compromise via content-defined setter on object prototypes
MFSA 2006-36 PLUGINSPAGE privileged JavaScript execution 2
MFSA 2006-35 Privilege escalation through XUL persist
MFSA 2006-34 XSS viewing javascript: frames or images from context menu
MFSA 2006-33 HTTP response smuggling
MFSA 2006-32 Fixes for crashes with potential memory corruption (rv:
MFSA 2006-31 EvalInSandbox escape (Proxy Autoconfig, Greasemonkey)

May 2, 2006

MFSA 2006-30 Deleted object reference when designMode="on"

April 21, 2006

MFSA 2006-27 Table Rebuilding Code Execution Vulnerability
MFSA 2006-21 JavaScript execution in mail when forwarding in-line

April 13, 2006

MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-26 Mail Multiple Information Disclosure
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:
MFSA 2006-19 Cross-site scripting using
MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
MFSA 2006-17 cross-site scripting through window.controllers
MFSA 2006-16 Accessing XBL compilation scope via
MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
MFSA 2006-14 Privilege escalation via XBL.method.eval
MFSA 2006-13 Downloading executables with "Save Image As..."
MFSA 2006-12 Secure-site spoof (requires security warning dialog)
MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
MFSA 2006-10 JavaScript garbage-collection hazard audit
MFSA 2006-09 Cross-site JavaScript injection using event handlers

February 1, 2006

MFSA 2006-08 "AnyName" entrainment and access control hazard
MFSA 2006-07 Read beyond buffer while parsing XML
MFSA 2006-06 Integer overflows in E4X, SVG and Canvas
MFSA 2006-05 Localstore.rdf XML injection through XULDocument.persist()
MFSA 2006-04 Memory corruption via QueryInterface on Location, Navigator objects
MFSA 2006-03 Long document title causes startup denial of Service
MFSA 2006-02 Changing postion:relative to static corrupts memory
MFSA 2006-01 JavaScript garbage-collection hazards

September 22, 2005

MFSA 2005-59 Command-line handling on Linux allows shell execution
MFSA 2005-58 Firefox 1.0.7 / Mozilla Suite 1.7.12 Vulnerability Fixes
MFSA 2005-57 IDN heap overrun using soft-hyphens

July 12, 2005

MFSA 2005-56 Code execution through shared function objects
MFSA 2005-55 XHTML node spoofing
MFSA 2005-54 Javascript prompt origin spoofing
MFSA 2005-53 Standalone applications can run arbitrary code through the browser
MFSA 2005-52 Same origin violation: frame calling top.focus()
MFSA 2005-51 The return of frame-injection spoofing
MFSA 2005-50 Exploitable crash in InstallVersion.compareTo()
MFSA 2005-49 Script injection from Firefox sidebar panel using data:
MFSA 2005-48 Same-origin violation with InstallTrigger callback
MFSA 2005-47 Code execution via "Set as Wallpaper"
MFSA 2005-46 XBL scripts ran even when Javascript disabled
MFSA 2005-45 Content-generated event vulnerabilities

May 11, 2005

MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks

May 8, 2005

MFSA 2005-42 Code execution via javascript: IconURL

April 15, 2005

MFSA 2005-41 Privilege escalation via DOM property overrides
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-33 Javascript "lambda" replace exposes memory contents

March 22, 2005

MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2

February 24, 2005

MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing

January 21, 2005

MFSA 2005-12 javascript: Livefeed bookmarks can steal private data
MFSA 2005-11 Mail client responds to cookie requests
MFSA 2005-10 javascript: links launch Internet Explorer
MFSA 2005-09 Browser responds to proxy auth request from non-proxy ssl server
MFSA 2005-08 Synthetic middle-click event can steal clipboard contents
MFSA 2005-07 Script-generated event can download content without prompting
MFSA 2005-06 Heap overrun handling malicious news: URL
MFSA 2005-05 Input stealing from other tabs
MFSA 2005-04 Secure site lock can be spoofed using view-source:
MFSA 2005-03 Secure site lock can be spoofed by a binary download
MFSA 2005-02 Opened attachments are temporarily saved world-readable
MFSA 2005-01 Link opened in new tab can load local file