rpm package
opensuse/MozillaFirefox&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,480)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-0358 | — | < 92.0-1.2 | 92.0-1.2 | Feb 4, 2009 | Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading t | ||
| CVE-2009-0357 | — | < 92.0-1.2 | 92.0-1.2 | Feb 4, 2009 | Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to | ||
| CVE-2009-0356 | — | < 92.0-1.2 | 92.0-1.2 | Feb 4, 2009 | Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involvi | ||
| CVE-2009-0355 | — | < 92.0-1.2 | 92.0-1.2 | Feb 4, 2009 | components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. | ||
| CVE-2009-0354 | — | < 92.0-1.2 | 92.0-1.2 | Feb 4, 2009 | Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method | ||
| CVE-2009-0352 | — | < 92.0-1.2 | 92.0-1.2 | Feb 4, 2009 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related | ||
| CVE-2008-5913 | — | < 50.1.0-1.1 | 50.1.0-1.1 | Jan 20, 2009 | The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a | ||
| CVE-2008-4063 | — | < 92.0-1.2 | 92.0-1.2 | Sep 24, 2008 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" va | ||
| CVE-2008-0594 | — | < 92.0-1.2 | 92.0-1.2 | Feb 9, 2008 | Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks. | ||
| CVE-2008-0593 | — | < 92.0-1.2 | 92.0-1.2 | Feb 9, 2008 | Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information fro | ||
| CVE-2008-0592 | — | < 92.0-1.2 | 92.0-1.2 | Feb 9, 2008 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future pla | ||
| CVE-2008-0591 | — | < 92.0-1.2 | 92.0-1.2 | Feb 9, 2008 | Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the w | ||
| CVE-2008-0419 | — | < 92.0-1.2 | 92.0-1.2 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles. | ||
| CVE-2008-0418 | — | < 92.0-1.2 | 92.0-1.2 | Feb 8, 2008 | Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated b | ||
| CVE-2008-0417 | — | < 92.0-1.2 | 92.0-1.2 | Feb 8, 2008 | CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password. | ||
| CVE-2008-0415 | — | < 92.0-1.2 | 92.0-1.2 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript p | ||
| CVE-2008-0414 | — | < 92.0-1.2 | 92.0-1.2 | Feb 8, 2008 | Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing." | ||
| CVE-2008-0412 | — | < 92.0-1.2 | 92.0-1.2 | Feb 8, 2008 | The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) | ||
| CVE-2007-3738 | — | < 92.0-1.2 | 92.0-1.2 | Jul 18, 2007 | Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper. | ||
| CVE-2007-3737 | — | < 92.0-1.2 | 92.0-1.2 | Jul 18, 2007 | Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document." |
- CVE-2009-0358Feb 4, 2009affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading t
- CVE-2009-0357Feb 4, 2009affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to
- CVE-2009-0356Feb 4, 2009affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the (1) about:plugins and (2) about:config URIs from .desktop files, which allows user-assisted remote attackers to bypass the Same Origin Policy and execute arbitrary code with chrome privileges via vectors involvi
- CVE-2009-0355Feb 4, 2009affected < 92.0-1.2fixed 92.0-1.2
components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element.
- CVE-2009-0354Feb 4, 2009affected < 92.0-1.2fixed 92.0-1.2
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method
- CVE-2009-0352Feb 4, 2009affected < 92.0-1.2fixed 92.0-1.2
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related
- CVE-2008-5913Jan 20, 2009affected < 50.1.0-1.1fixed 50.1.0-1.1
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a
- CVE-2008-4063Sep 24, 2008affected < 92.0-1.2fixed 92.0-1.2
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" va
- CVE-2008-0594Feb 9, 2008affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
- CVE-2008-0593Feb 9, 2008affected < 92.0-1.2fixed 92.0-1.2
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information fro
- CVE-2008-0592Feb 9, 2008affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to cause a denial of service via a plain .txt file with a "Content-Disposition: attachment" and an invalid "Content-Type: plain/text," which prevents Firefox from rendering future pla
- CVE-2008-0591Feb 9, 2008affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does not properly manage a delay timer used in confirmation dialogs, which might allow remote attackers to trick users into confirming an unsafe action, such as remote file execution, by using a timer to change the w
- CVE-2008-0419Feb 8, 2008affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles.
- CVE-2008-0418Feb 8, 2008affected < 92.0-1.2fixed 92.0-1.2
Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8, when using "flat" addons, allows remote attackers to read arbitrary Javascript, image, and stylesheet files via the chrome: URI scheme, as demonstrated b
- CVE-2008-0417Feb 8, 2008affected < 92.0-1.2fixed 92.0-1.2
CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows remote user-assisted web sites to corrupt the user's password store via newlines that are not properly handled when the user saves a password.
- CVE-2008-0415Feb 8, 2008affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka "JavaScript p
- CVE-2008-0414Feb 8, 2008affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
- CVE-2008-0412Feb 8, 2008affected < 92.0-1.2fixed 92.0-1.2
The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2)
- CVE-2007-3738Jul 18, 2007affected < 92.0-1.2fixed 92.0-1.2
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 allow remote attackers to execute arbitrary code via a crafted XPCNativeWrapper.
- CVE-2007-3737Jul 18, 2007affected < 92.0-1.2fixed 92.0-1.2
Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."
Page 123 of 124