Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2704 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2478 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug." | ||||
| CVE-2009-2477 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements. | ||||
| CVE-2009-2472 | 5 Fedoraproject, Mozilla, Opensuse and 2 more | 7 Fedora, Firefox, Opensuse and 4 more | 2024-11-21 | N/A |
| Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." | ||||
| CVE-2009-2471 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
| The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. | ||||
| CVE-2009-2470 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | ||||
| CVE-2009-2469 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | ||||
| CVE-2009-2468 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194. | ||||
| CVE-2009-2467 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. | ||||
| CVE-2009-2466 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-11-21 | N/A |
| The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. | ||||
| CVE-2009-2465 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. | ||||
| CVE-2009-2464 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | N/A |
| The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. | ||||
| CVE-2009-2463 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-11-21 | N/A |
| Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. | ||||
| CVE-2009-2462 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-11-21 | N/A |
| The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition. | ||||
| CVE-2009-2409 | 4 Gnu, Mozilla, Openssl and 1 more | 8 Gnutls, Firefox, Nss and 5 more | 2024-11-21 | N/A |
| The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. | ||||
| CVE-2009-2408 | 6 Canonical, Debian, Mozilla and 3 more | 11 Ubuntu Linux, Debian Linux, Firefox and 8 more | 2024-11-21 | 5.9 Medium |
| Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5. | ||||
| CVE-2009-2404 | 5 Aol, Gnome, Mozilla and 2 more | 9 Instant Messenger, Evolution, Firefox and 6 more | 2024-11-21 | N/A |
| Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function. | ||||
| CVE-2009-2065 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | ||||
| CVE-2009-2061 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | ||||
| CVE-2009-2044 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2024-11-21 | N/A |
| Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | ||||
| CVE-2009-2043 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. | ||||