22 matches found
SUSE CVE-2009-2953
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715...
SUSE CVE-2009-3371
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively...
SUSE CVE-2009-3378
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause...
SUSE CVE-2010-3174
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
DubSite CMS 1.0 - CSRF Vulnerability
No description provided by source. Pentest Information: ==================== Connection has discovered a Cross Site Request Forgery (CSRF) vulnerability in DubSite CMS v1.0 Details ======= Tested on OS: Windows XP Tested with Software: Mozilla Firefox 3.5.x Vulnerable Products: DubSite CMS Affected...
CVE-2011-0075
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...
Mozilla Firefox 3.5.x < 3.5.15 Buffer Overflow Vulnerability
Binary data 801274.prm...
CVE-2010-2753
Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-fre...
CVE-2010-0183
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus...
Design/Logic Flaw
Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus...
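Firefox nsTreeSelection Implementation Use-After-Free Vulnerability
CVE ID: CVE-2010-0175 Firefox is a popular open-source web browser. Firefox has a use-after-free vulnerability when handling special events for nsTreeSelection elements. When executing a select event, Firefox accesses the element without checking whether it has already been freed, which can lead to arbitrary code execution. Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla Thunderbird 3.0.4 Mozilla SeaMonkey 2.0.4 Temporary workaround: Disable JavaScript. Vendor patch: Debian ------...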
Mandriva Linux Security Advisory : firefox (MDVSA-2010:042)
Security issues were identified and fixed in firefox 3.0.x and 3.5.x : Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and ...
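Firefox Content Injection Web Page Spoofing Vulnerability
BUGTRAQ ID: 37370 CVE ID: CVE-2009-3985 Firefox is a popular open-source web browser. A malicious web page can set document.location to a URL that cannot be displayed properly and then inject content into the resulting blank page. An attacker can exploit this vulnerability to place a legitimate-looking but invalid URL in the address bar and inject HTML and JavaScript into the page to carry out spoofing attacks. Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 2.0 Vendor patch: Debian ------...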
DubSite CMS 1.0 Cross Site Request Forgery
Pentest Information: ==================== Connection has discovered a Cross Site Request Forgery (CSRF) vulnerability in DubSite CMS v1.0 Details ======= Tested on OS: Windows XP Tested with Software: Mozilla Firefox 3.5.x Vulnerable Products: DubSite CMS Affected Versions: 1.0 Vulnerability Type:...
DubSite CMS 1.0 - Cross-Site Request Forgery
DubSite CMS 1.0 - Cross-Site Request Forgery Pentest Information: ==================== Connection has discovered a Cross Site Request Forgery (CSRF) vulnerability in DubSite CMS v1.0 Details ======= Tested on OS: Windows XP Tested with Software: Mozilla Firefox 3.5.x Vulnerable Products: DubSite CMS...
CVE-2009-3982
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors...
Barracuda IMFirewall 620 Vulnerability
Exploit for unknown platform in category web applications ====================================== Barracuda IMFirewall 620 Vulnerability ====================================== PenTest Information: ==================== GESEC Team remove discover multiple Input Validation Vulnerabilities on Barracud...
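Mozilla Firefox libpr0n GIF Parser Heap Overflow Vulnerability
BUGTRAQ ID: 36855 CVE ID: CVE-2009-3373 Firefox is a popular open-source web browser. Firefox's libpr0n GIF parser uses the gifimageheader statement to interpret individual image/frame descriptor records. A GIF file may contain multiple images, each associated with a different color map. Memory reallocation is not managed correctly when handling changes to the color map of later images in a multi-image GIF file; a user tricked into opening a malicious web page containing the GIF file can trigger a heap overflow, leading to arbitrary code execution. Mozilla Firefox 3.5.x Mozilla Firefox 3.0.x Mozilla SeaMonkey 1.1.x...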
DEBIAN-CVE-2009-3378
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause...
CVE-2009-3374
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to...