VYPR

rpm package

opensuse/MozillaFirefox&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,480)

  • CVE-2009-1310Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

  • CVE-2009-1309Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attack

  • CVE-2009-1308Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay

  • CVE-2009-1307Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) re

  • CVE-2009-1306Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar fil

  • CVE-2009-1305Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that la

  • CVE-2009-1304Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, rel

  • CVE-2009-1303Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.

  • CVE-2009-1302Apr 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run

  • CVE-2009-1169Mar 27, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

  • CVE-2009-1044Mar 23, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at Ca

  • CVE-2009-0777Mar 5, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phi

  • CVE-2009-0776Mar 5, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

  • CVE-2009-0775Mar 5, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garba

  • CVE-2009-0774Mar 5, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-077

  • CVE-2009-0773Mar 5, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which caus

  • CVE-2009-0772Mar 5, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage

  • CVE-2009-0771Mar 5, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures.

  • CVE-2009-0040Feb 22, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a

  • CVE-2009-0652Feb 20, 2009
    affected < 50.1.0-1.1fixed 50.1.0-1.1

    The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks,