Firefox Security Vulnerabilities and Issues — Firefox CVE List

Lucene search

MozillaFirefox

15 matches found

CVE•added 2011/09/06 7:55 p.m.•646 views

CVE-2011-3389

The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP...

4.3CVSS6.5AI score0.04513EPSS

CVE•added 2011/09/29 12:55 a.m.•194 views

CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting attac...

4.3CVSS9.2AI score0.01301EPSS

CVE•added 2011/09/29 12:55 a.m.•132 views

CVE-2011-2372

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

3.5CVSS9.1AI score0.00429EPSS

CVE•added 2011/09/29 12:55 a.m.•112 views

CVE-2011-2995

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknow...

10CVSS10AI score0.01877EPSS

CVE•added 2011/09/29 12:55 a.m.•94 views

CVE-2011-3004

The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey before 2.4 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping be...

4.3CVSS9.1AI score0.00312EPSS

CVE•added 2011/09/29 12:55 a.m.•94 views

CVE-2011-3005

Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file.

9.3CVSS9.6AI score0.03362EPSS

CVE•added 2011/09/29 12:55 a.m.•89 views

CVE-2011-3232

YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.

9.3CVSS9.6AI score0.04655EPSS

CVE•added 2011/09/29 12:55 a.m.•83 views

CVE-2011-3002

Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vec...

9.3CVSS9.7AI score0.02067EPSS

CVE•added 2011/09/29 12:55 a.m.•78 views

CVE-2011-2999

Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.

4.3CVSS9.2AI score0.00722EPSS

CVE•added 2011/09/30 10:55 a.m.•74 views

CVE-2011-2998

Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.

10CVSS9.7AI score0.02766EPSS

CVE•added 2011/09/29 12:55 a.m.•60 views

CVE-2011-3001

Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecifi...

4.3CVSS9AI score0.00201EPSS

CVE•added 2011/09/29 12:55 a.m.•58 views

CVE-2011-2996

Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.7AI score0.05178EPSS

CVE•added 2011/09/29 12:55 a.m.•58 views

CVE-2011-2997

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.02981EPSS

CVE•added 2011/09/29 12:55 a.m.•56 views

CVE-2011-3003

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unspecified WebGL test case that triggers a memory-allocation error and a resulting out-of-bounds write operation.

10CVSS9.8AI score0.01512EPSS

CVE•added 2011/09/29 12:55 a.m.•53 views

CVE-2011-3866

Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly restrict availability of motion data events, which makes it easier for remote attackers to read keystrokes by leveraging JavaScript code running in a background tab.

4.3CVSS9.1AI score0.00418EPSS