VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,480)

  • CVE-2009-3373Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2009-3372Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

  • CVE-2009-3371Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.

  • CVE-2009-3370Oct 29, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

  • CVE-2009-3274Sep 21, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file

  • CVE-2009-3079Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

  • CVE-2009-3078Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

  • CVE-2009-3077Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."

  • CVE-2009-3075Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibl

  • CVE-2009-3074Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3073Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3072Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e

  • CVE-2009-3071Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3070Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-3069Sep 10, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-2470Aug 4, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.

  • CVE-2009-2654Aug 3, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object,

  • CVE-2009-1313Apr 30, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exist

  • CVE-2009-1312Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of

  • CVE-2009-1311Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of th

Page 121 of 124