VYPR

apk package

wolfi/firefox

pkg:apk/wolfi/firefox

Vulnerabilities (219)

  • CVE-2012-4929Sep 15, 2012
    affected < 0fixed 0

    The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing

  • CVE-2011-3389Sep 6, 2011
    affected < 0fixed 0

    The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to ob

  • CVE-2011-0064Mar 7, 2011
    affected < 0fixed 0

    The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in Pango 1.28.3, Firefox, and other products, does not verify that memory reallocations succeed, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possib

  • CVE-2009-4630Jan 29, 2010
    affected < 0fixed 0

    Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS req

  • CVE-2009-4130Dec 14, 2009
    affected < 0fixed 0

    Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.

  • CVE-2009-4129Dec 14, 2009
    affected < 0fixed 0

    Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.

  • CVE-2009-4102Nov 29, 2009
    affected < 0fixed 0

    Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.

  • CVE-2009-2409Jul 30, 2009
    affected < 0fixed 0

    The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws t

  • CVE-2009-2469Jul 22, 2009
    affected < 136.0.3-r0fixed 136.0.3-r0

    Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary cod

  • CVE-2009-1597May 11, 2009
    affected < 0fixed 0

    Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document obj

  • CVE-2008-4059Sep 24, 2008
    affected < 136.0.3-r0fixed 136.0.3-r0

    The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.

  • CVE-2007-6715Apr 17, 2008
    affected < 0fixed 0

    Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.

  • CVE-2007-4013Jul 26, 2007
    affected < 0fixed 0

    Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.0.0 in Citrix Access Gate

  • CVE-2007-3827Jul 17, 2007
    affected < 0fixed 0

    Mozilla Firefox allows for cookies to be set with a null domain (aka "domainless cookies"), which allows remote attackers to pass information between arbitrary domains and track user activity, as demonstrated by the domain attribute in the document.cookie variable in a javascript

  • CVE-2007-3670Jul 10, 2007
    affected < 0fixed 0

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) Firefox

  • CVE-2007-2176Apr 24, 2007
    affected < 0fixed 0

    Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.

  • CVE-2007-1970Apr 11, 2007
    affected < 0fixed 0

    Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

  • CVE-2007-0896Feb 13, 2007
    affected < 0fixed 0

    Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.

  • CVE-2003-1492Dec 31, 2003
    affected < 0fixed 0

    Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end.

Page 11 of 11