rpm package
opensuse/firefox-esr&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed
Vulnerabilities (2,106)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-0164 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Mar 25, 2010 | Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitra | ||
| CVE-2010-1028 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Mar 19, 2010 | Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrate | ||
| CVE-2010-0654 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Feb 18, 2010 | Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is | ||
| CVE-2009-3984 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status | ||
| CVE-2009-3983 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | ||
| CVE-2009-3979 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Dec 17, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary | ||
| CVE-2009-3389 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Dec 17, 2009 | Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | ||
| CVE-2009-3388 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Dec 17, 2009 | liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | ||
| CVE-2009-3555 | Cri | 9.8 | < 128.5.1-1.1 | 128.5.1-1.1 | Nov 9, 2009 | The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and | |
| CVE-2009-3380 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||
| CVE-2009-3377 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | ||
| CVE-2009-3376 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demons | ||
| CVE-2009-3375 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | ||
| CVE-2009-3374 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote | ||
| CVE-2009-3373 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | ||
| CVE-2009-3372 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | ||
| CVE-2009-3371 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively. | ||
| CVE-2009-3370 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Oct 29, 2009 | Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. | ||
| CVE-2009-3274 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 21, 2009 | Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file | ||
| CVE-2009-3079 | — | < 128.5.1-1.1 | 128.5.1-1.1 | Sep 10, 2009 | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. |
- CVE-2010-0164Mar 25, 2010affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitra
- CVE-2010-1028Mar 19, 2010affected < 128.5.1-1.1fixed 128.5.1-1.1
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrate
- CVE-2010-0654Feb 18, 2010affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is
- CVE-2009-3984Dec 17, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status
- CVE-2009-3983Dec 17, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
- CVE-2009-3979Dec 17, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary
- CVE-2009-3389Dec 17, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
- CVE-2009-3388Dec 17, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
- affected < 128.5.1-1.1fixed 128.5.1-1.1
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and
- CVE-2009-3380Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3377Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3376Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demons
- CVE-2009-3375Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
- CVE-2009-3374Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote
- CVE-2009-3373Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2009-3372Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
- CVE-2009-3371Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
- CVE-2009-3370Oct 29, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
- CVE-2009-3274Sep 21, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file
- CVE-2009-3079Sep 10, 2009affected < 128.5.1-1.1fixed 128.5.1-1.1
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
Page 102 of 106