Vendor CVEs
Mozilla Corporation
All CVEs
3,627 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-3985 | 0.00 | — | 0.03 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a… | |||
| CVE-2009-3984 | 0.00 | — | 0.02 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status… | |||
| CVE-2009-3983 | 0.00 | — | 0.02 | Dec 17, 2009 | Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. | |||
| CVE-2009-3982 | 0.00 | — | 0.04 | Dec 17, 2009 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via… | |||
| CVE-2009-3981 | 0.00 | — | 0.04 | Dec 17, 2009 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3980 | 0.00 | — | 0.04 | Dec 17, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown… | |||
| CVE-2009-3979 | 0.00 | — | 0.04 | Dec 17, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary… | |||
| CVE-2009-3389 | 0.00 | — | 0.05 | Dec 17, 2009 | Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. | |||
| CVE-2009-3388 | 0.00 | — | 0.03 | Dec 17, 2009 | liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues." | |||
| CVE-2009-4130 | 0.00 | — | 0.01 | Dec 14, 2009 | Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. | |||
| CVE-2009-4129 | 0.00 | — | 0.01 | Dec 14, 2009 | Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. | |||
| CVE-2009-4127 | 0.00 | — | 0.05 | Dec 2, 2009 | Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this… | |||
| CVE-2009-4102 | 0.00 | — | 0.03 | Nov 29, 2009 | Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||
| CVE-2009-4101 | 0.00 | — | 0.04 | Nov 29, 2009 | infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed. | |||
| CVE-2009-4100 | 0.00 | — | 0.04 | Nov 29, 2009 | Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload. | |||
| CVE-2009-3386 | 0.00 | — | 0.02 | Nov 20, 2009 | Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug. | |||
| CVE-2009-3978 | 0.00 | — | 0.02 | Nov 19, 2009 | The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different… | |||
| CVE-2009-3383 | 0.00 | — | 0.04 | Oct 29, 2009 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3381 | 0.00 | — | 0.05 | Oct 29, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3380 | 0.00 | — | 0.05 | Oct 29, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3379 | 0.00 | — | 0.05 | Oct 29, 2009 | Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663. | |||
| CVE-2009-3378 | 0.00 | — | 0.04 | Oct 29, 2009 | The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows… | |||
| CVE-2009-3377 | 0.00 | — | 0.05 | Oct 29, 2009 | Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3376 | 0.00 | — | 0.03 | Oct 29, 2009 | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as… | |||
| CVE-2009-3375 | 0.00 | — | 0.02 | Oct 29, 2009 | content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function. | |||
| CVE-2009-3374 | 0.00 | — | 0.02 | Oct 29, 2009 | The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote… | |||
| CVE-2009-3372 | 0.00 | — | 0.04 | Oct 29, 2009 | Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | |||
| CVE-2009-3370 | 0.00 | — | 0.02 | Oct 29, 2009 | Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. | |||
| CVE-2009-3274 | 0.00 | — | 0.00 | Sep 21, 2009 | Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a… | |||
| CVE-2009-3166 | 0.00 | — | 0.01 | Sep 15, 2009 | token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer… | |||
| CVE-2009-3165 | 0.00 | — | 0.01 | Sep 15, 2009 | SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||
| CVE-2009-3125 | 0.00 | — | 0.01 | Sep 15, 2009 | SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||
| CVE-2009-3079 | 0.00 | — | 0.04 | Sep 10, 2009 | Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter. | |||
| CVE-2009-3078 | 0.00 | — | 0.02 | Sep 10, 2009 | Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. | |||
| CVE-2009-3077 | 0.00 | — | 0.05 | Sep 10, 2009 | Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability." | |||
| CVE-2009-3075 | 0.00 | — | 0.05 | Sep 10, 2009 | Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or… | |||
| CVE-2009-3074 | 0.00 | — | 0.05 | Sep 10, 2009 | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3073 | 0.00 | — | 0.05 | Sep 10, 2009 | Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3072 | 0.00 | — | 0.05 | Sep 10, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly… | |||
| CVE-2009-3071 | 0.00 | — | 0.05 | Sep 10, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3070 | 0.00 | — | 0.05 | Sep 10, 2009 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3069 | 0.00 | — | 0.04 | Sep 10, 2009 | Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||
| CVE-2009-3014 | 0.00 | — | 0.01 | Aug 31, 2009 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct… | |||
| CVE-2009-3012 | 0.00 | — | 0.01 | Aug 31, 2009 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that… | |||
| CVE-2009-3010 | 0.00 | — | 0.02 | Aug 31, 2009 | Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors… | |||
| CVE-2009-3007 | 0.00 | — | 0.01 | Aug 28, 2009 | Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document… | |||
| CVE-2009-2975 | 0.00 | — | 0.02 | Aug 27, 2009 | Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows… | |||
| CVE-2008-6961 | 0.00 | — | 0.02 | Aug 13, 2009 | mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2)… | |||
| CVE-2009-2665 | 0.00 | — | 0.03 | Aug 4, 2009 | The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome… | |||
| CVE-2009-2664 | 0.00 | — | 0.03 | Aug 4, 2009 | The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a… |
- CVE-2009-3985Dec 17, 2009risk 0.00cvss —epss 0.03
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a…
- CVE-2009-3984Dec 17, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status…
- CVE-2009-3983Dec 17, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
- CVE-2009-3982Dec 17, 2009risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via…
- CVE-2009-3981Dec 17, 2009risk 0.00cvss —epss 0.04
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3980Dec 17, 2009risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown…
- CVE-2009-3979Dec 17, 2009risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary…
- CVE-2009-3389Dec 17, 2009risk 0.00cvss —epss 0.05
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
- CVE-2009-3388Dec 17, 2009risk 0.00cvss —epss 0.03
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
- CVE-2009-4130Dec 14, 2009risk 0.00cvss —epss 0.01
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name.
- CVE-2009-4129Dec 14, 2009risk 0.00cvss —epss 0.01
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain.
- CVE-2009-4127Dec 2, 2009risk 0.00cvss —epss 0.05
Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. NOTE: the provenance of this…
- CVE-2009-4102Nov 29, 2009risk 0.00cvss —epss 0.03
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
- CVE-2009-4101Nov 29, 2009risk 0.00cvss —epss 0.04
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
- CVE-2009-4100Nov 29, 2009risk 0.00cvss —epss 0.04
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
- CVE-2009-3386Nov 20, 2009risk 0.00cvss —epss 0.02
Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug.
- CVE-2009-3978Nov 19, 2009risk 0.00cvss —epss 0.02
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different…
- CVE-2009-3383Oct 29, 2009risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3381Oct 29, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3380Oct 29, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3379Oct 29, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
- CVE-2009-3378Oct 29, 2009risk 0.00cvss —epss 0.04
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows…
- CVE-2009-3377Oct 29, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3376Oct 29, 2009risk 0.00cvss —epss 0.03
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as…
- CVE-2009-3375Oct 29, 2009risk 0.00cvss —epss 0.02
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection function.
- CVE-2009-3374Oct 29, 2009risk 0.00cvss —epss 0.02
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote…
- CVE-2009-3372Oct 29, 2009risk 0.00cvss —epss 0.04
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
- CVE-2009-3370Oct 29, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
- CVE-2009-3274Sep 21, 2009risk 0.00cvss —epss 0.00
Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and 3.0.14 and earlier 2.x and 3.x versions, on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a…
- CVE-2009-3166Sep 15, 2009risk 0.00cvss —epss 0.01
token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL at the beginning of a login session that occurs immediately after a password reset, which allows context-dependent attackers to discover passwords by reading (1) web-server access logs, (2) web-server Referer…
- CVE-2009-3165Sep 15, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
- CVE-2009-3125Sep 15, 2009risk 0.00cvss —epss 0.01
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
- CVE-2009-3079Sep 10, 2009risk 0.00cvss —epss 0.04
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.
- CVE-2009-3078Sep 10, 2009risk 0.00cvss —epss 0.02
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
- CVE-2009-3077Sep 10, 2009risk 0.00cvss —epss 0.05
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
- CVE-2009-3075Sep 10, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or…
- CVE-2009-3074Sep 10, 2009risk 0.00cvss —epss 0.05
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3073Sep 10, 2009risk 0.00cvss —epss 0.05
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3072Sep 10, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly…
- CVE-2009-3071Sep 10, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3070Sep 10, 2009risk 0.00cvss —epss 0.05
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3069Sep 10, 2009risk 0.00cvss —epss 0.04
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
- CVE-2009-3014Aug 31, 2009risk 0.00cvss —epss 0.01
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct…
- CVE-2009-3012Aug 31, 2009risk 0.00cvss —epss 0.01
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that…
- CVE-2009-3010Aug 31, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors…
- CVE-2009-3007Aug 28, 2009risk 0.00cvss —epss 0.01
Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document…
- CVE-2009-2975Aug 27, 2009risk 0.00cvss —epss 0.02
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows…
- CVE-2008-6961Aug 13, 2009risk 0.00cvss —epss 0.02
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2)…
- CVE-2009-2665Aug 4, 2009risk 0.00cvss —epss 0.03
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers to execute arbitrary JavaScript with chrome…
- CVE-2009-2664Aug 4, 2009risk 0.00cvss —epss 0.03
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a…
Page 63 of 73