Firefox
Source repositories
CVEs (3,179)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3988 | 0.00 | — | 0.02 | Feb 22, 2010 | Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks… | |||
| CVE-2010-0654 | 0.00 | — | 0.02 | Feb 18, 2010 | Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document… | |||
| CVE-2010-0648 | 0.00 | — | 0.01 | Feb 18, 2010 | Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href… | |||
| CVE-2009-4630 | 0.00 | — | 0.01 | Jan 29, 2010 | Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS… | |||
| CVE-2010-0220 | 0.00 | — | 0.01 | Jan 7, 2010 | The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert… | |||
| CVE-2009-3987 | 0.00 | — | 0.02 | Dec 17, 2009 | The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain… | |||
| CVE-2009-3986 | 0.00 | — | 0.04 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | |||
| CVE-2009-3985 | 0.00 | — | 0.03 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a… | |||
| CVE-2009-3984 | 0.00 | — | 0.02 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status… | |||
| CVE-2009-3983 | 0.00 | — | 0.02 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | |||
| CVE-2009-3982 | 0.00 | — | 0.04 | Dec 17, 2009 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via… | |||
| CVE-2009-3981 | 0.00 | — | 0.04 | Dec 17, 2009 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3980 | 0.00 | — | 0.04 | Dec 17, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown… | |||
| CVE-2009-3979 | 0.00 | — | 0.04 | Dec 17, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary… | |||
| CVE-2009-3389 | 0.00 | — | 0.05 | Dec 17, 2009 | Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | |||
| CVE-2009-3388 | 0.00 | — | 0.03 | Dec 17, 2009 | liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | |||
| CVE-2009-4130 | 0.00 | — | 0.01 | Dec 14, 2009 | Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | |||
| CVE-2009-4129 | 0.00 | — | 0.01 | Dec 14, 2009 | Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. | |||
| CVE-2009-4102 | 0.00 | — | 0.03 | Nov 29, 2009 | Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||
| CVE-2009-4100 | 0.00 | — | 0.04 | Nov 29, 2009 | Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. |
- CVE-2009-3988Feb 22, 2010risk 0.00cvss —epss 0.02
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks…
- CVE-2010-0654Feb 18, 2010risk 0.00cvss —epss 0.02
Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document…
- CVE-2010-0648Feb 18, 2010risk 0.00cvss —epss 0.01
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href…
- CVE-2009-4630Jan 29, 2010risk 0.00cvss —epss 0.01
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS…
- CVE-2010-0220Jan 7, 2010risk 0.00cvss —epss 0.01
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert…
- CVE-2009-3987Dec 17, 2009risk 0.00cvss —epss 0.02
The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, generates different exception messages depending on whether the referenced COM object is listed in the registry, which allows remote attackers to obtain…
- CVE-2009-3986Dec 17, 2009risk 0.00cvss —epss 0.04
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
- CVE-2009-3985Dec 17, 2009risk 0.00cvss —epss 0.03
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a…
- CVE-2009-3984Dec 17, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status…
- CVE-2009-3983Dec 17, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
- CVE-2009-3982Dec 17, 2009risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via…
- CVE-2009-3981Dec 17, 2009risk 0.00cvss —epss 0.04
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3980Dec 17, 2009risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown…
- CVE-2009-3979Dec 17, 2009risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary…
- CVE-2009-3389Dec 17, 2009risk 0.00cvss —epss 0.05
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
- CVE-2009-3388Dec 17, 2009risk 0.00cvss —epss 0.03
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
- CVE-2009-4130Dec 14, 2009risk 0.00cvss —epss 0.01
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
- CVE-2009-4129Dec 14, 2009risk 0.00cvss —epss 0.01
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
- CVE-2009-4102Nov 29, 2009risk 0.00cvss —epss 0.03
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
- CVE-2009-4100Nov 29, 2009risk 0.00cvss —epss 0.04
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
Page 140 of 159