VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,480)

  • CVE-2010-1028Mar 19, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrate

  • CVE-2010-0654Feb 18, 2010
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is

  • CVE-2009-3985Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a r

  • CVE-2009-3984Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status

  • CVE-2009-3983Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.

  • CVE-2009-3982Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknow

  • CVE-2009-3980Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown v

  • CVE-2009-3979Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary

  • CVE-2009-3389Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.

  • CVE-2009-3388Dec 17, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."

  • CVE-2009-3555CriNov 9, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and

  • CVE-2009-3383Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3381Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3380Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3379Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.

  • CVE-2009-3378Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows rem

  • CVE-2009-3377Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3376Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demons

  • CVE-2009-3375Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.

  • CVE-2009-3374Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote

Page 120 of 124