Vulnerabilities > Canonical

DATE CVE VULNERABILITY TITLE RISK
2008-12-17 CVE-2008-5501 Remote vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey
The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.
network
low complexity
mozilla canonical
5.0
2008-12-17 CVE-2008-5500 Resource Management Errors vulnerability in multiple products
The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.
network
low complexity
mozilla canonical debian CWE-399
critical
10.0
2008-11-13 CVE-2008-5024 XML Injection (Aka Blind Xpath Injection) vulnerability in multiple products
Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X document.
network
low complexity
mozilla debian canonical CWE-91
7.5
2008-11-13 CVE-2008-5023 Improper Input Validation vulnerability in multiple products
Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the protection mechanism for codebase principals and execute arbitrary script via the -moz-binding CSS property in a signed JAR file.
network
low complexity
mozilla debian canonical CWE-20
7.5
2008-11-13 CVE-2008-5022 Improper Authentication vulnerability in multiple products
The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass the inner window check.
network
low complexity
mozilla debian canonical CWE-287
7.5
2008-11-13 CVE-2008-5018 Resource Management Errors vulnerability in multiple products
The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.
network
low complexity
mozilla debian canonical CWE-399
critical
10.0
2008-11-13 CVE-2008-5017 Numeric Errors vulnerability in multiple products
Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors.
network
low complexity
mozilla debian canonical CWE-189
critical
10.0
2008-11-13 CVE-2008-5014 Improper Input Validation vulnerability in multiple products
jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.__proto__.__proto__ object in a way that causes a lock on a non-native object, which triggers an assertion failure related to the OBJ_IS_NATIVE function.
network
low complexity
mozilla debian canonical CWE-20
critical
10.0
2008-11-13 CVE-2008-0017 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
network
mozilla canonical debian CWE-119
critical
9.3
2008-11-13 CVE-2008-4989 Improper Certificate Validation vulnerability in multiple products
The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).
5.9