Firefox@3.5.17 Security Vulnerabilities and Issues — Page 2 of Firefox@3.5.17 CVE List

Lucene search

MozillaFirefox3.5.17

59 matches found

CVE•added 2015/02/25 11:59 a.m.•63 views

CVE-2015-0830

The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a denial of service (application crash) via crafted WebGL content.

5CVSS8.8AI score0.01074EPSS

CVE•added 2011/08/18 6:55 p.m.•60 views

CVE-2011-2980

Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firef...

7.2CVSS8.8AI score0.00056EPSS

CVE•added 2013/12/11 3:55 p.m.•60 views

CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

5.8CVSS9AI score0.00882EPSS

CVE•added 2011/08/09 7:55 p.m.•55 views

CVE-2008-7293

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) inclu...

5.8CVSS6.6AI score0.00703EPSS

CVE•added 2014/02/06 5:44 a.m.•54 views

CVE-2014-1484

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

5CVSS8.5AI score0.00632EPSS

CVE•added 2014/03/19 10:55 a.m.•53 views

CVE-2014-1501

Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection.

5.8CVSS8.9AI score0.00229EPSS

CVE•added 2014/03/19 10:55 a.m.•53 views

CVE-2014-1506

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter a...

6.4CVSS8.4AI score0.02084EPSS

CVE•added 2011/04/15 8:55 p.m.•49 views

CVE-2011-1712

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memor...

4.3CVSS9AI score0.00331EPSS

CVE•added 2014/04/30 10:49 a.m.•49 views

CVE-2014-1527

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

5CVSS8.8AI score0.00846EPSS

Total number of security vulnerabilities59