VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,480)

  • CVE-2010-1197Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-si

  • CVE-2010-1196Jun 24, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that

  • CVE-2010-0182Apr 5, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended

  • CVE-2010-0181Apr 5, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive applicati

  • CVE-2010-0178Apr 5, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading

  • CVE-2010-0177Apr 5, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause

  • CVE-2010-0176Apr 5, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via uns

  • CVE-2010-0174Apr 5, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application cra

  • CVE-2010-0173Apr 5, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut

  • CVE-2010-1125Mar 26, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls t

  • CVE-2010-1121Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with

  • CVE-2010-0172Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spo

  • CVE-2010-0171Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventLi

  • CVE-2010-0170Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.

  • CVE-2010-0169Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding t

  • CVE-2010-0168Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a de

  • CVE-2010-0167Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrar

  • CVE-2010-0166Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service

  • CVE-2010-0165Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving

  • CVE-2010-0164Mar 25, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitra

Page 119 of 124