SUSE CVE-2010-0165

The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service memory corruption and application crash and possibly execute arbitrary code via vectors involving certain indirect...

SUSE CVE-2010-1215

Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 do not properly implement access to a content object through a SafeJSObjectWrapper aka SJOW wrapper, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging "access to an object...

SUSE CVE-2011-0066

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList...

SUSE CVE-2011-0075

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code vi...

SUSE CVE-2011-0081

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

Mozilla Firefox 3.6 mChannel Use-After-Free Vulnerability

Mozilla Firefox 3.6 is prone to a use-after-free vulnerability in OBJECT mChannel that allows an attacker to execute arbitrary code. Title: Firefox 3.6 Universal function exploit var foo=document.getElementById"exploit";...

Mozilla Firefox 3.6 mChannel Use-After-Free

Title: Firefox 3.6 Universal function exploit var foo=document.getElementById"exploit"; e.QueryInterfaceComponents.interfaces.nsIChannelEventSink.onChannelRedirectnull,new Object,0; var vftable = unescape"\x00% u0c10"; var shellcode =...

Firefox 3.6 (XML parser) Memory Corruption PoC/DoS

No description provided by source. Firefox 3.6XML parsermemory corruption PoC/Dos by d3b4g From tiny islands of maldivies Tested: version 3.6 Tested on windows XP SP3 20-01-2010 This same bug was in early version of firfox,found by Wojciech Pawlikowski This is just a update. This vulnerability...

openSUSE Security Update : mozilla-xulrunner191 (mozilla-xulrunner191-4073)

Mozilla XULRunner 1.9.1 was updated to version 1.9.1.17, fixing various security issues. Following security issues were fixed: MFSA 2010-74 / CVE-2010-3777: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products...

Mozilla Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities

Binary data 6351.prm...

Firefox 3.6.x < 3.6.28 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox 3.6.x is potentially affected by the following security issues : - Multiple memory corruption issues. By tricking a user into visiting a specially crafted page, these issues may allow an attacker to execute arbitrary code in the context of the affected application...

.jar not treated as executable in Firefox 3.6 on Mac — Mozilla

Part of the fix for MFSA 2011-40, reported by Mariusz Mlynski, was to treat .jar files as executables. This is necessary because Java treats downloaded .jar files as fully-featured "Applications" rather than restricting them to the limited privileges of in-browser "Applets". The fix taken in...

loadSubScript unwraps XPCNativeWrapper scope parameter (1.9.2 branch) — Mozilla

Mozilla security researcher mozbugra4 reported that the problem described in MFSA 2011-43 and fixed in Firefox 7 also affected Firefox 3.6: a malicious page could potentially exploit a Firefox user who had installed an add-on that used loadSubscript in vulnerable ways...

Mandriva Update for nspluginwrapper MDVA-2011:045 (nspluginwrapper)

Check for the Version of nspluginwrapper OpenVAS Vulnerability Test Mandriva Update for nspluginwrapper MDVA-2011:045 nspluginwrapper Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute i...

Mandriva Update for nspluginwrapper MDVA-2011:045 (nspluginwrapper)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

MDVA-2011:045 : nspluginwrapper

This is a bugfix and maintenance release that upgrades nspluginwrapper to the latest version 1.4.4 which provides numerous fixes for firefox 3.6 and later. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on...

Mozilla Foundation Security Advisory 2011-37

Mozilla Foundation Security Advisory 2011-37 Title: Integer underflow when using JavaScript RegExp Impact: Critical Announced: September 27, 2011 Reporter: Mark Kaplan Products: Firefox 3.6 Fixed in: Firefox 3.6.23 Description Mark Kaplan reported a potentially exploitable crash due to integer...

Firefox 3.6.x < 3.6.21 Out-of-Date CA List

The installed version of Firefox 3.6.x is earlier than 3.6.21 and is potentially affected by an out-of-date certificate authority list. Due to the issuance of several fraudulent SSL certificates, the certificate authority DigiNotar has been disabled in Mozilla Firefox. C Tenable Network Security,...

Firefox 3.6 < 3.6.20 Multiple Vulnerabilities

The installed version of Firefox 3.6 is earlier than 3.6.20. As such, it is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. CVE-2011-0084 - A DOM accounting error exists in the 'appendChild' JavaScript function...

Mozilla Miscellaneous memory safety hazards (MFSA 2011-19)

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors, a different vulnerability than...