| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2013-0794 |
|
|
|
2013-04-03 |
2013-06-14 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site. |
|
2 |
CVE-2013-0791 |
119 |
|
DoS Overflow Mem. Corr. |
2013-04-03 |
2013-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate. |
|
3 |
CVE-2013-0774 |
264 |
|
|
2013-02-19 |
2013-02-20 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors. |
|
4 |
CVE-2013-0772 |
119 |
|
DoS Overflow +Info |
2013-02-19 |
2013-02-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image. |
|
5 |
CVE-2013-0765 |
20 |
|
Bypass |
2013-02-19 |
2013-02-20 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors. |
|
6 |
CVE-2013-0759 |
287 |
|
|
2013-01-13 |
2013-02-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to spoof the address bar via vectors involving authentication information in the userinfo field of a URL, in conjunction with a 204 (aka No Content) HTTP status code. |
|
7 |
CVE-2013-0751 |
264 |
|
XSS +Info |
2013-01-13 |
2013-02-07 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. |
|
8 |
CVE-2013-0748 |
200 |
|
Bypass +Info |
2013-01-13 |
2013-02-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The XBL.__proto__.toString implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 makes it easier for remote attackers to bypass the ASLR protection mechanism by calling the toString function of an XBL object. |
|
9 |
CVE-2012-4196 |
264 |
|
Bypass |
2012-10-29 |
2013-04-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 allow remote attackers to bypass the Same Origin Policy and read the Location object via a prototype property-injection attack that defeats certain protection mechanisms for this object. |
|
10 |
CVE-2012-4195 |
264 |
|
Exec Code XSS |
2012-10-29 |
2013-04-10 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, Thunderbird before 16.0.2, Thunderbird ESR 10.x before 10.0.10, and SeaMonkey before 2.13.2 does not properly determine the calling document and principal in its return value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, and makes it easier for remote attackers to execute arbitrary JavaScript code by leveraging certain add-on behavior. |
|
11 |
CVE-2012-3992 |
264 |
|
XSS |
2012-10-10 |
2013-05-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object. |
|
12 |
CVE-2012-3976 |
|
|
|
2012-08-29 |
2013-05-29 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page. |
|
13 |
CVE-2012-3972 |
200 |
|
+Info |
2012-08-29 |
2013-05-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The format-number functionality in the XSLT implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based buffer over-read. |
|
14 |
CVE-2012-1960 |
200 |
|
+Info |
2012-07-18 |
2013-05-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. |
|
15 |
CVE-2012-1959 |
264 |
|
Bypass |
2012-07-18 |
2012-11-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. |
|
16 |
CVE-2012-0473 |
189 |
|
+Info |
2012-04-25 |
2012-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. |
|
17 |
CVE-2012-0456 |
200 |
|
+Info |
2012-03-14 |
2013-02-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read. |
|
18 |
CVE-2012-0447 |
200 |
|
+Info |
2012-02-01 |
2012-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image. |
|
19 |
CVE-2012-0445 |
264 |
|
Bypass |
2012-02-01 |
2012-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating a form submission target with a sub-frame's name attribute. |
|
20 |
CVE-2012-0441 |
119 |
|
DoS Overflow |
2012-06-05 |
2013-04-01 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response. |
|
21 |
CVE-2011-4688 |
264 |
|
|
2011-12-07 |
2011-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code. |
|
22 |
CVE-2011-3670 |
200 |
|
+Info |
2012-02-01 |
2012-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages. |
|
23 |
CVE-2011-3653 |
200 |
|
Bypass +Info |
2011-11-09 |
2012-01-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. |
|
24 |
CVE-2011-2990 |
255 |
|
+Info |
2011-08-18 |
2011-10-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which allows attackers to obtain sensitive information by reading a report, related to incorrect host resolution that occurs with certain redirects. |
|
25 |
CVE-2011-2986 |
200 |
|
Bypass +Info |
2011-08-18 |
2012-12-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. |
|
26 |
CVE-2011-2377 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2011-06-30 |
2011-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. |
|
27 |
CVE-2011-2370 |
264 |
|
|
2011-06-30 |
2011-08-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. |
|
28 |
CVE-2011-2362 |
264 |
|
Bypass |
2011-06-30 |
2011-11-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. |
|
29 |
CVE-2011-0071 |
22 |
|
Dir. Trav. |
2011-05-07 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. |
|
30 |
CVE-2011-0067 |
20 |
|
|
2011-05-07 |
2012-01-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls. |
|
31 |
CVE-2010-3400 |
310 |
|
|
2010-09-15 |
2011-07-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses the current time for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2008-5913. |
|
32 |
CVE-2010-3399 |
310 |
|
|
2010-09-15 |
2011-07-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. |
|
33 |
CVE-2010-3178 |
264 |
|
Bypass |
2010-10-21 |
2011-07-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document. |
|
34 |
CVE-2010-3171 |
310 |
|
|
2010-09-15 |
2011-07-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. |
|
35 |
CVE-2010-2754 |
200 |
|
+Info |
2010-07-30 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. |
|
36 |
CVE-2010-1990 |
399 |
|
DoS |
2010-05-20 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with many IFRAME elements. |
|
37 |
CVE-2010-1987 |
399 |
1
|
DoS |
2010-05-20 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption, out-of-bounds read, and application crash) via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring operations, related to the DoubleWideCharMappedString class in USP10.dll and the gfxWindowsFontGroup::GetUnderlineOffset function in xul.dll, a different vulnerability than CVE-2009-1571. |
|
38 |
CVE-2010-1986 |
399 |
1
|
DoS |
2010-05-20 |
2011-07-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service (memory consumption and application crash) via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related to the gfxWindowsFontGroup::MakeTextRun function in xul.dll, a different vulnerability than CVE-2009-1571. |
|
39 |
CVE-2010-1125 |
200 |
|
+Info |
2010-03-26 |
2012-11-05 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method. |
|
40 |
CVE-2010-0220 |
399 |
|
DoS |
2010-01-07 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array. |
|
41 |
CVE-2010-0179 |
94 |
|
|
2010-04-05 |
2011-01-19 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, when the XMLHttpRequestSpy module in the Firebug add-on is used, does not properly handle interaction between the XMLHttpRequestSpy object and chrome privileged objects, which allows remote attackers to execute arbitrary JavaScript via a crafted HTTP response. |
|
42 |
CVE-2010-0169 |
|
|
|
2010-03-25 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching. |
|
43 |
CVE-2010-0166 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2010-03-25 |
2012-01-26 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters. |
|
44 |
CVE-2009-4630 |
200 |
|
+Info |
2010-01-29 |
2010-01-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the application's user by logging DNS requests. NOTE: the vendor disputes the significance of this issue, stating "I don't think we necessarily need to worry about that case." |
|
45 |
CVE-2009-4130 |
|
|
|
2009-12-14 |
2009-12-15 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Visual truncation vulnerability in the MakeScriptDialogTitle function in nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the origin domain name of a script via a long name. |
|
46 |
CVE-2009-4129 |
362 |
|
|
2009-12-14 |
2009-12-15 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain. |
|
47 |
CVE-2009-3988 |
264 |
|
XSS Bypass |
2010-02-22 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values. |
|
48 |
CVE-2009-3370 |
|
|
|
2009-10-29 |
2010-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries. |
|
49 |
CVE-2009-3078 |
20 |
|
|
2009-09-10 |
2012-10-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property. |
|
50 |
CVE-2009-2975 |
|
|
DoS |
2009-08-27 |
2009-09-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol. |
