VYPR

Firefox

by Mozilla Corporation

Source repositories

CVEs (3,179)

  • CVE-2010-1585Apr 28, 2010
    risk 0.00cvss epss 0.04

    The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes…

  • CVE-2010-0182Apr 5, 2010
    risk 0.00cvss epss 0.01

    The XMLDocument::load function in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 does not perform the expected nsIContentPolicy checks during loading of content by XML documents, which allows attackers to bypass intended…

  • CVE-2010-0181Apr 5, 2010
    risk 0.00cvss epss 0.02

    Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive…

  • CVE-2010-0179Apr 5, 2010
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote…

  • CVE-2010-0178Apr 5, 2010
    risk 0.00cvss epss 0.03

    Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, does not prevent applets from interpreting mouse clicks as drag-and-drop actions, which allows remote attackers to execute arbitrary JavaScript with Chrome privileges by…

  • CVE-2010-0176Apr 5, 2010
    risk 0.00cvss epss 0.05

    Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via…

  • CVE-2010-0174Apr 5, 2010
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application…

  • CVE-2010-0173Apr 5, 2010
    risk 0.00cvss epss 0.05

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…

  • CVE-2010-1125Mar 26, 2010
    risk 0.00cvss epss 0.02

    The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls…

  • CVE-2010-1122Mar 25, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than…

  • CVE-2010-1121Mar 25, 2010
    risk 0.00cvss epss 0.06

    Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with…

  • CVE-2010-0172Mar 25, 2010
    risk 0.00cvss epss 0.01

    toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might allow remote web servers to…

  • CVE-2010-0171Mar 25, 2010
    risk 0.00cvss epss 0.02

    Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the…

  • CVE-2010-0170Mar 25, 2010
    risk 0.00cvss epss 0.02

    Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.

  • CVE-2010-0169Mar 25, 2010
    risk 0.00cvss epss 0.02

    The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding…

  • CVE-2010-0165Mar 25, 2010
    risk 0.00cvss epss 0.04

    The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors…

  • CVE-2010-0164Mar 25, 2010
    risk 0.00cvss epss 0.06

    Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute…

  • CVE-2010-0162Feb 22, 2010
    risk 0.00cvss epss 0.03

    Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element,…

  • CVE-2010-0160Feb 22, 2010
    risk 0.00cvss epss 0.06

    The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and…

  • CVE-2010-0159Feb 22, 2010
    risk 0.00cvss epss 0.05

    The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors…

Page 139 of 159