Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2584 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-0166 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2017-09-19 | N/A |
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. | ||||
CVE-2010-0165 | 1 Mozilla | 1 Firefox | 2017-09-19 | N/A |
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function. | ||||
CVE-2010-0162 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||||
CVE-2009-3988 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. | ||||
CVE-2009-3987 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain potentially sensitive information about installed software by making multiple calls that specify the ProgID values of different COM objects. | ||||
CVE-2009-3986 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | ||||
CVE-2009-3985 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. | ||||
CVE-2009-3984 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | N/A |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. | ||||
CVE-2009-3983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | N/A |
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||||
CVE-2009-3982 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | N/A |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2009-3981 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2009-3980 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2009-3979 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2009-3389 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | ||||
CVE-2009-3388 | 1 Mozilla | 2 Firefox, Seamonkey | 2017-09-19 | N/A |
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | ||||
CVE-2009-3383 | 1 Mozilla | 1 Firefox | 2017-09-19 | N/A |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2009-3382 | 1 Mozilla | 1 Firefox | 2017-09-19 | N/A |
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | ||||
CVE-2009-3381 | 1 Mozilla | 1 Firefox | 2017-09-19 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2009-3380 | 1 Mozilla | 1 Firefox | 2017-09-19 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2009-3379 | 1 Mozilla | 1 Firefox | 2017-09-19 | N/A |
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. |