SUSE CVE-2007-5334

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute...

SUSE CVE-2010-3168

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service deleted memory access...

GHSA-7W85-PP86-P4PQ XMLUI's metadata of withdrawn Items is exposed to anonymous users

Impact Metadata on a withdrawn Item is exposed via the XMLUI "mets.xml" object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. However, this vulnerability is very low severity as Item metadata does not tend to contain highly secure or sensitiv...

The vulnerability of the Developer Tools component of the Mozilla Firefox ESR browser allows a perpetrator to execute arbitrary code.

The vulnerability of the Developer Tools component in Mozilla Firefox and Firefox ESR browsers is related to the insufficient elimination of special elements in the source code of the pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code when opening a style edit...

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to circumvent restrictions

Mozilla SeaMonkey’s software contains a vulnerability related to errors in the implementation of the SOW System Only Wrapper program module. Exploiting this vulnerability allows malicious actors to circumvent restrictions on XUL content by using the XB content area, thereby enabling certain cloni...

CentOS Update for firefox CESA-2009:1095 centos5 i386

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2009:1095 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Mozilla nsTreeSelection dangling pointer remote code execution vulnerability

Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element, which triggers a use-after-fre...

firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...

Firefox XUL garbage collection issue (cansecwest pwn2own)

Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009...

Firefox 3 User tracking via XUL persist attribute

Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute...

Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other...

Firefox < 1.0 Multiple Spoofing Vulnerabilities

The remote host is using Mozilla and/or Firefox, an alternative web browser. This web browser supports the XUL XML User Interface Language, a language designed to manipulate the user interface of the browser itself. Since XUL gives the full control of the browser GUI to the visited websites, an...