Vulnerabilities > Mozilla > Firefox > 0.9.rc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-27 | CVE-2009-1169 | Resource Management Errors vulnerability in Mozilla Firefox The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | 9.3 |
| 2009-03-05 | CVE-2009-0821 | Resource Management Errors vulnerability in Mozilla Firefox Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. | 5.0 |
| 2009-02-04 | CVE-2009-0355 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. | 5.4 |
| 2008-11-13 | CVE-2008-5013 | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do not properly check when the Flash module has been dynamically unloaded properly, which allows remote attackers to execute arbitrary code via a crafted SWF file that "dynamically unloads itself from an outside JavaScript function," which triggers an access of an expired memory address. | 9.3 |
| 2008-09-24 | CVE-2008-4069 | Information Exposure vulnerability in Mozilla Firefox and Seamonkey The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file. | 5.0 |
| 2008-09-24 | CVE-2008-4060 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT. | 7.5 |
| 2008-09-24 | CVE-2008-4059 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element. | 7.5 |
| 2008-09-24 | CVE-2008-3835 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors. | 7.5 |
| 2008-09-24 | CVE-2008-0016 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link. | 10.0 |
| 2007-02-26 | CVE-2007-0779 | Remote vulnerability in Mozilla Thunderbird/SeaMonkey/Firefox GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor. | 6.4 |