rpm package
opensuse/MozillaFirefox&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,480)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-1197 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 24, 2010 | Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-si | ||
| CVE-2010-1196 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jun 24, 2010 | Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that | ||
| CVE-2010-0182 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Apr 5, 2010 | The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended | ||
| CVE-2010-0181 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Apr 5, 2010 | Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive applicati | ||
| CVE-2010-0178 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Apr 5, 2010 | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading | ||
| CVE-2010-0177 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Apr 5, 2010 | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause | ||
| CVE-2010-0176 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Apr 5, 2010 | Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via uns | ||
| CVE-2010-0174 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Apr 5, 2010 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application cra | ||
| CVE-2010-0173 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Apr 5, 2010 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut | ||
| CVE-2010-1125 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 26, 2010 | The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls t | ||
| CVE-2010-1121 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with | ||
| CVE-2010-0172 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spo | ||
| CVE-2010-0171 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventLi | ||
| CVE-2010-0170 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | ||
| CVE-2010-0169 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding t | ||
| CVE-2010-0168 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a de | ||
| CVE-2010-0167 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrar | ||
| CVE-2010-0166 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service | ||
| CVE-2010-0165 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving | ||
| CVE-2010-0164 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Mar 25, 2010 | Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitra |
- CVE-2010-1197Jun 24, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-si
- CVE-2010-1196Jun 24, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that
- CVE-2010-0182Apr 5, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended
- CVE-2010-0181Apr 5, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive applicati
- CVE-2010-0178Apr 5, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by loading
- CVE-2010-0177Apr 5, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause
- CVE-2010-0176Apr 5, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via uns
- CVE-2010-0174Apr 5, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application cra
- CVE-2010-0173Apr 5, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut
- CVE-2010-1125Mar 26, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls t
- CVE-2010-1121Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with
- CVE-2010-0172Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to spo
- CVE-2010-0171Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventLi
- CVE-2010-0170Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.
- CVE-2010-0169Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding t
- CVE-2010-0168Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a de
- CVE-2010-0167Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrar
- CVE-2010-0166Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service
- CVE-2010-0165Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving
- CVE-2010-0164Mar 25, 2010affected < 50.1.0-1.1fixed 50.1.0-1.1
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitra
Page 119 of 124