VYPR

rpm package

opensuse/firefox-esr&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed

Vulnerabilities (2,106)

  • CVE-2009-3078Sep 10, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

  • CVE-2009-3077Sep 10, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."

  • CVE-2009-3072Sep 10, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly e

  • CVE-2009-3069Sep 10, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

  • CVE-2009-2470Aug 4, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.

  • CVE-2009-2654Aug 3, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object,

  • CVE-2009-1313Apr 30, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exist

  • CVE-2009-1312Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of

  • CVE-2009-1311Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of th

  • CVE-2009-1310Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.

  • CVE-2009-1309Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attack

  • CVE-2009-1308Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay

  • CVE-2009-1307Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) re

  • CVE-2009-1306Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar fil

  • CVE-2009-1302Apr 22, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run

  • CVE-2009-1169Mar 27, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.

  • CVE-2009-1044Mar 23, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at Ca

  • CVE-2009-0777Mar 5, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phi

  • CVE-2009-0776Mar 5, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.

  • CVE-2009-0775Mar 5, 2009
    affected < 128.5.1-1.1fixed 128.5.1-1.1

    Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garba

Page 103 of 106