Cross site scripting

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting XSS attacks, by using the addEventListener and setTimeo...

CVE-2009-3012

Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to 1 injecting a Location header that contains JavaScript...

CVE-2009-2479

Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service uncaught exception and application crash via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, ...

Mandrake Security Advisory MDVSA-2009:134 (firefox)

The remote host is missing an update to firefox announced via advisory MDVSA-2009:134. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandrake Security Advisory MDVSA-2009:111 (firefox)

The remote host is missing an update to firefox announced via advisory MDVSA-2009:111. OpenVAS Vulnerability Test $Id: mdksa2009111.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:111 firefox Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

Mandrake Security Advisory MDVSA-2009:111 (firefox)

The remote host is missing an update to firefox announced via advisory MDVSA-2009:111. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandriva Linux Security Advisory : firefox (MDVSA-2009:084)

Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.8 CVE-2009-1044, CVE-2009-1169. This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages requiring it have also been...

Mandrake Security Advisory MDVSA-2009:075 (firefox)

The remote host is missing an update to firefox announced via advisory MDVSA-2009:075. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...

Mandrake Security Advisory MDVSA-2009:044 (firefox)

The remote host is missing an update to firefox announced via advisory MDVSA-2009:044. OpenVAS Vulnerability Test $Id: mdksa2009044.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:044 firefox Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...

CVE-2009-0354

Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting XSS attacks, via vectors involving a chrome XBL method and the window.eval...

Mozilla Firefox 3.x < 3.0.6 Multiple Vulnerabilities

Binary data 4922.prm...

Design/Logic Flaw

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies...

Cross site scripting

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting XSS attacks via an XBL binding to an "unloaded document."...

CVE-2008-5505

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies...

CVE-2008-5502

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service crash via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions...

Layout engine crash - Firefox 3 only

The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure...

CVE-2008-5019

The session restore feature in Mozilla Firefox 3.x before 3.0.4 and 2.x before 2.0.0.18 allows remote attackers to violate the same origin policy to conduct cross-site scripting XSS attacks and execute arbitrary JavaScript with chrome privileges via unknown vectors...

Design/Logic Flaw

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash via multiple vectors that trigger an assertion failure or other consequences...

CVE-2008-5017

Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash via unknown vectors...