Lucene search

K
MozillaFirefox3.1

7 matches found

CVE
CVE
added 2009/08/03 2:30 p.m.85 views

CVE-2009-2654

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the ...

5.8CVSS5.7AI score0.13196EPSS
CVE
CVE
added 2009/03/23 2:19 p.m.81 views

CVE-2009-0723

Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained fr...

9.3CVSS7.9AI score0.00945EPSS
CVE
CVE
added 2009/03/23 2:19 p.m.81 views

CVE-2009-0733

Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for th...

9.3CVSS7.8AI score0.01738EPSS
CVE
CVE
added 2009/03/23 2:19 p.m.79 views

CVE-2009-0581

Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.

4.3CVSS7.1AI score0.0212EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.75 views

CVE-2009-1839

Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.

5.4CVSS7.2AI score0.15161EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.68 views

CVE-2009-1840

Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web scrip...

9.3CVSS7.2AI score0.01388EPSS
CVE
CVE
added 2010/07/30 8:30 p.m.53 views

CVE-2010-1210

intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafte...

4.3CVSS8.4AI score0.00254EPSS