VYPR

rpm package

opensuse/firefox-esr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,106)

  • CVE-2010-2767Sep 9, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a de

  • CVE-2010-2766Sep 9, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execut

  • CVE-2010-2765Sep 9, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the

  • CVE-2010-2764Sep 9, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of

  • CVE-2010-2762Sep 9, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScr

  • CVE-2010-2760Sep 9, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tre

  • CVE-2010-2753HigJul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which trigger

  • CVE-2010-2752Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) value

  • CVE-2010-1215Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper (aka SJOW) wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "ac

  • CVE-2010-1214Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via plugin content with many parameter elements.

  • CVE-2010-1213Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the

  • CVE-2010-1211Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and a

  • CVE-2010-1210Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS)

  • CVE-2010-1209Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterat

  • CVE-2010-1208HigJul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event a

  • CVE-2010-1207Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion.

  • CVE-2010-2755Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not properly free memory in the parameter array of a plugin instance, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted HTML document, rela

  • CVE-2010-2754Jul 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error messa

  • CVE-2010-1205CriJun 30, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

  • CVE-2010-1206Jun 25, 2010
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a docum

Page 100 of 106