Total
2387 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1988 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-10 | 10.0 HIGH | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than CVE-2009-1571. | |||||
| CVE-2010-1990 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. | |||||
| CVE-2010-1986 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571. | |||||
| CVE-2010-2117 | 1 Mozilla | 1 Firefox | 2018-10-10 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs. | |||||
| CVE-2010-1987 | 2 Microsoft, Mozilla | 2 Windows Xp, Firefox | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571. | |||||
| CVE-2010-1585 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-10 | 9.3 HIGH | N/A |
| The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. | |||||
| CVE-2010-1199 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-10 | 9.3 HIGH | N/A |
| Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. | |||||
| CVE-2010-1125 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 5.8 MEDIUM | N/A |
| The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. | |||||
| CVE-2010-0164 | 1 Mozilla | 1 Firefox | 2018-10-10 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values. | |||||
| CVE-2010-0160 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 10.0 HIGH | N/A |
| The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2009-2953 | 1 Mozilla | 1 Firefox | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715. | |||||
| CVE-2009-3014 | 1 Mozilla | 3 Firefox, Mozilla, Seamonkey | 2018-10-10 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location HTTP response header or (2) specifying the content of a Location HTTP response header. | |||||
| CVE-2009-2479 | 1 Mozilla | 1 Firefox | 2018-10-10 | 7.8 HIGH | N/A |
| Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox. | |||||
| CVE-2009-2011 | 2 Dxstudio, Mozilla | 2 Dx Studio Player, Firefox | 2018-10-10 | 9.3 HIGH | N/A |
| Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method. | |||||
| CVE-2009-1828 | 1 Mozilla | 1 Firefox | 2018-10-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected. | |||||
| CVE-2009-1837 | 1 Mozilla | 1 Firefox | 2018-10-10 | 9.3 HIGH | N/A |
| Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object. | |||||
| CVE-2009-1827 | 1 Mozilla | 1 Firefox | 2018-10-10 | 5.0 MEDIUM | N/A |
| The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop." | |||||
| CVE-2009-1571 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations. | |||||
| CVE-2009-1312 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-10 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected. | |||||
| CVE-2009-1044 | 2 Microsoft, Mozilla | 2 Windows 7, Firefox | 2018-10-10 | 9.3 HIGH | N/A |
| Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | |||||