Firefox Security Vulnerabilities and Issues — Firefox CVE List

Lucene search

MozillaFirefox

7 matches found

CVE•added 2010/02/22 1:0 p.m.•96 views

CVE-2009-1571

Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situa...

10CVSS9.8AI score0.07855EPSS

CVE•added 2010/02/22 1:0 p.m.•93 views

CVE-2009-3988

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArg...

5CVSS8.5AI score0.0021EPSS

CVE•added 2010/02/22 1:0 p.m.•89 views

CVE-2010-0160

The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibl...

10CVSS10AI score0.05179EPSS

CVE•added 2010/02/22 1:0 p.m.•77 views

CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlock...

10CVSS8.8AI score0.02147EPSS

CVE•added 2010/02/22 1:0 p.m.•76 views

CVE-2010-0162

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote att...

4.3CVSS8.6AI score0.00817EPSS

CVE•added 2010/02/18 6:0 p.m.•67 views

CVE-2010-0654

Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 permit cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which a...

4.3CVSS7.5AI score0.00704EPSS

CVE•added 2010/02/18 6:0 p.m.•56 views

CVE-2010-0648

Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the document.styleSheets[0].href property value, relate...

4.3CVSS7.2AI score0.00441EPSS