rpm package
opensuse/MozillaFirefox&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,480)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2011-2373 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 30, 2011 | Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | ||
| CVE-2011-2371 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 30, 2011 | Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | ||
| CVE-2011-2370 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 30, 2011 | Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. | ||
| CVE-2011-2369 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 30, 2011 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. | ||
| CVE-2011-2368 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 30, 2011 | The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | ||
| CVE-2011-2367 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 30, 2011 | The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unsp | ||
| CVE-2011-2366 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 30, 2011 | Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment | ||
| CVE-2011-0081 | — | < 50.1.0-1.1 | 50.1.0-1.1 | May 7, 2011 | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via | ||
| CVE-2011-0080 | — | < 50.1.0-1.1 | 50.1.0-1.1 | May 7, 2011 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possi | ||
| CVE-2011-0079 | — | < 50.1.0-1.1 | 50.1.0-1.1 | May 7, 2011 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD | ||
| CVE-2011-0070 | — | < 50.1.0-1.1 | 50.1.0-1.1 | May 7, 2011 | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) | ||
| CVE-2011-0069 | — | < 50.1.0-1.1 | 50.1.0-1.1 | May 7, 2011 | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) | ||
| CVE-2011-1202 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 11, 2011 | The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call | ||
| CVE-2011-1187 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 11, 2011 | Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | ||
| CVE-2010-3765 | Cri | 9.8 | KEV | < 50.1.0-1.1 | 50.1.0-1.1 | Oct 28, 2010 | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::Cont |
| CVE-2010-3183 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Oct 21, 2010 | The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows | ||
| CVE-2010-3182 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Oct 21, 2010 | A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileg | ||
| CVE-2010-3180 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Oct 21, 2010 | Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of | ||
| CVE-2010-3179 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Oct 21, 2010 | Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (me | ||
| CVE-2010-3178 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Oct 21, 2010 | Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navi |
- CVE-2011-2373Jun 30, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
- CVE-2011-2371Jun 30, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
- CVE-2011-2370Jun 30, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.
- CVE-2011-2369Jun 30, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity.
- CVE-2011-2368Jun 30, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
- CVE-2011-2367Jun 30, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unsp
- CVE-2011-2366Jun 30, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment
- CVE-2011-0081May 7, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via
- CVE-2011-0080May 7, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possi
- CVE-2011-0079May 7, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD
- CVE-2011-0070May 7, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash)
- CVE-2011-0069May 7, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash)
- CVE-2011-1202Mar 11, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 and earlier, as used in Google Chrome before 10.0.648.127 and other products, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call
- CVE-2011-1187Mar 11, 2011affected < 50.1.0-1.1fixed 50.1.0-1.1
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
- affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::Cont
- CVE-2010-3183Oct 21, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows
- CVE-2010-3182Oct 21, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileg
- CVE-2010-3180Oct 21, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of
- CVE-2010-3179Oct 21, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (me
- CVE-2010-3178Oct 21, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navi
Page 116 of 124