Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)

Check for the Version of mozilla-firefox OpenVAS Vulnerability Test Mandriva Update for mozilla-firefox MDVSA-2008:228 mozilla-firefox Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)

Check for the Version of mozilla-firefox OpenVAS Vulnerability Test Mandriva Update for mozilla-firefox MDVSA-2008:228 mozilla-firefox Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1

Ubuntu Update for Linux kernel vulnerabilities USN-667-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6671.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox, firefox-3.0, xulrunner-1.9 vulnerabilities USN-667-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone...

Cross site scripting

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting XSS attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

Design/Logic Flaw

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are no...

Design/Logic Flaw

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

CVE-2008-0017

CVE-2008-0017 is a buffer overflow in the http-index-format parser (nsDirIndexParser) that could lead to remote arbitrary code execution. Public advisories show affected Mozilla-family products (Firefox/Iceweasel/Iceape/SeaMonkey/XULRunner) with fixes in Firefox 3.0.4 and corresponding Mozilla/NS...

Mozilla crash with evidence of memory corruption

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash via vectors related to "insufficient class checking" in the Date class...

CVE-2008-0017

The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an...

openSUSE 10 Security Update : mozilla-xulrunner181 (mozilla-xulrunner181-5656)

This update brings mozilla-xulrunner181 to security fix version 1.8.1.17. It contains the following security fixes: MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters...

openSUSE 10 Security Update : seamonkey (seamonkey-5657)

This patch updates SeaMonkey to version 1.1.12, fixing security and other bugs : MFSA 2008-45 / CVE-2008-4069: XBM image uninitialized memory reading MFSA 2008-44 / CVE-2008-4067 / CVE-2008-4068: resource: traversal vulnerabilities MFSA 2008-43: BOM characters stripped from JavaScript before...

Mozilla Foundation Security Advisory 2008-33

Mozilla Foundation Security Advisory 2008-33 Title: Crash and remote code execution in block reflow Impact: Critical Announced: July 1, 2008 Reporter: Astabis iSIGHT Partners GVP Program Products: Firefox 2, Thunderbird 2, SeaMonkey Fixed in: Firefox 2.0.0.15 SeaMonkey 1.1.10 Description Security...

Slackware 11.0 / 12.0 : firefox (SSA:2007-200-01)

New mozilla-firefox packages are available for Slackware 11.0 and 12.0 to fix security issues. Note that Firefox 1.5.x has reached its EOL end of life and is no longer being updated by mozilla.com. Users of Firefox 1.5.x are encouraged to upgrade to Firefox 2.x. Since we use the official Firefox...

CVE-2007-2869

The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service persistent temporary CPU consumption via a large number of characters in a submitted form...