Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)

Check for the Version of mozilla-firefox OpenVAS Vulnerability Test Mandriva Update for mozilla-firefox MDVSA-2008:228 mozilla-firefox Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

Mandriva Update for mozilla-firefox MDVSA-2008:228 (mozilla-firefox)

Check for the Version of mozilla-firefox OpenVAS Vulnerability Test Mandriva Update for mozilla-firefox MDVSA-2008:228 mozilla-firefox Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute ...

Cross site scripting

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting XSS attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

Design/Logic Flaw

Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly change the source URI when processing a canvas element and an HTTP redirect, which allows remote attackers to bypass the same origin policy and access arbitrary images that are no...

Design/Logic Flaw

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

CVE-2008-0017

CVE-2008-0017 is a buffer overflow in the http-index-format parser (nsDirIndexParser) that could lead to remote arbitrary code execution. Public advisories show affected Mozilla-family products (Firefox/Iceweasel/Iceape/SeaMonkey/XULRunner) with fixes in Firefox 3.0.4 and corresponding Mozilla/NS...

Mozilla crash with evidence of memory corruption

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash via vectors related to "insufficient class checking" in the Date class...

CVE-2008-0017

The http-index-format MIME type parser nsDirIndexParser in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via an...

Slackware 11.0 / 12.0 : firefox (SSA:2007-200-01)

New mozilla-firefox packages are available for Slackware 11.0 and 12.0 to fix security issues. Note that Firefox 1.5.x has reached its EOL end of life and is no longer being updated by mozilla.com. Users of Firefox 1.5.x are encouraged to upgrade to Firefox 2.x. Since we use the official Firefox...

CVE-2007-2869

The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service persistent temporary CPU consumption via a large number of characters in a submitted form...