Vulnerabilities > Mozilla > Firefox > 1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-04-22 | CVE-2009-1309 | Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | 4.3 |
| 2009-04-22 | CVE-2009-1307 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | 6.8 |
| 2009-04-22 | CVE-2009-1306 | Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. | 4.3 |
| 2009-04-22 | CVE-2009-1303 | Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. | 5.0 |
| 2009-03-27 | CVE-2009-1169 | Resource Management Errors vulnerability in Mozilla Firefox The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | 9.3 |
| 2009-03-05 | CVE-2009-0821 | Resource Management Errors vulnerability in Mozilla Firefox Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element. | 5.0 |
| 2009-03-05 | CVE-2009-0777 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. | 5.8 |
| 2009-03-05 | CVE-2009-0776 | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. | 7.1 |
| 2009-03-05 | CVE-2009-0775 | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. | 10.0 |
| 2009-03-05 | CVE-2009-0774 | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. | 9.3 |