VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,480)

  • CVE-2010-2751Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The nsDocShell::OnRedirectStateChange function in docshell/base/nsDocShell.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to spoof the SSL security status of a document via vectors involving multiple requests

  • CVE-2010-1215Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "ac

  • CVE-2010-1214Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.

  • CVE-2010-1213Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the

  • CVE-2010-1212Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) propagat

  • CVE-2010-1211Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and a

  • CVE-2010-1210Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS)

  • CVE-2010-1209Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterat

  • CVE-2010-1208HigJul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event a

  • CVE-2010-1207Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.

  • CVE-2010-2755Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, rela

  • CVE-2010-2754Jul 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error messa

  • CVE-2010-1205CriJun 30, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

  • CVE-2010-1206Jun 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a docum

  • CVE-2010-1203Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.

  • CVE-2010-1202Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possi

  • CVE-2010-1201Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkno

  • CVE-2010-1200Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly

  • CVE-2010-1199Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.

  • CVE-2010-1198Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.

Page 118 of 124