Firefox@3.5.9 Security Vulnerabilities and Issues — Page 4 of Firefox@3.5.9 CVE List

Lucene search

MozillaFirefox3.5.9

166 matches found

CVE•added 2014/03/19 10:55 a.m.•53 views

CVE-2014-1506

Directory traversal vulnerability in Android Crash Reporter in Mozilla Firefox before 28.0 on Android allows attackers to trigger the transmission of local files to arbitrary servers, or cause a denial of service (application crash), via a crafted application that specifies Android Crash Reporter a...

6.4CVSS8.4AI score0.02084EPSS

CVE•added 2011/12/07 7:55 p.m.•52 views

CVE-2010-5074

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3CVSS8.9AI score0.00178EPSS

CVE•added 2012/11/21 12:55 p.m.•52 views

CVE-2012-4210

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via ...

9.3CVSS8.4AI score0.03834EPSS

CVE•added 2011/11/09 11:55 a.m.•51 views

CVE-2011-3654

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspeci...

10CVSS9.8AI score0.19734EPSS

CVE•added 2013/04/03 11:56 a.m.•50 views

CVE-2013-0790

Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in.

10CVSS7.9AI score0.06334EPSS

CVE•added 2011/04/15 8:55 p.m.•49 views

CVE-2011-1712

The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memor...

4.3CVSS9AI score0.00331EPSS

CVE•added 2012/11/21 12:55 p.m.•49 views

CVE-2012-4203

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.

6.8CVSS8.4AI score0.02473EPSS

CVE•added 2014/04/30 10:49 a.m.•49 views

CVE-2014-1527

Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.

5CVSS8.8AI score0.00846EPSS

CVE•added 2010/06/01 8:30 p.m.•48 views

CVE-2010-2117

Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid (1) news:// or (2) nntp:// URIs.

4.3CVSS7AI score0.0072EPSS

CVE•added 2011/11/09 11:55 a.m.•48 views

CVE-2011-3652

The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.8AI score0.05919EPSS

CVE•added 2011/11/09 11:55 a.m.•46 views

CVE-2011-3653

Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures.

5CVSS8.9AI score0.00234EPSS

CVE•added 2011/12/07 7:55 p.m.•45 views

CVE-2002-2437

The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web...

5CVSS6.1AI score0.00294EPSS

CVE•added 2011/12/21 4:2 a.m.•45 views

CVE-2011-3664

Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other...

6.8CVSS7.2AI score0.01153EPSS

CVE•added 2012/11/21 12:55 p.m.•42 views

CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

6.8CVSS7.5AI score0.01642EPSS

CVE•added 2012/10/12 10:44 a.m.•41 views

CVE-2012-4190

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

10CVSS9.6AI score0.08531EPSS

CVE•added 2012/10/10 5:55 p.m.•40 views

CVE-2012-3987

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

4CVSS6.3AI score0.0023EPSS

Total number of security vulnerabilities166