Vulnerabilities > Mozilla > Firefox > 2.0.0.16

DATE CVE VULNERABILITY TITLE RISK
2009-07-22 CVE-2009-2463 Numeric Errors vulnerability in Mozilla Firefox and Thunderbird
Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.
network
low complexity
mozilla CWE-189
critical
10.0
2009-07-22 CVE-2009-2462 Resource Management Errors vulnerability in Mozilla Firefox and Thunderbird
The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.
network
low complexity
mozilla CWE-399
critical
10.0
2009-07-20 CVE-2009-2535 Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
network
low complexity
mozilla CWE-189
5.0
2009-06-15 CVE-2009-2065 Improper Authentication vulnerability in Mozilla Firefox
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
network
mozilla CWE-287
6.8
2009-06-15 CVE-2009-2061 Cryptographic Issues vulnerability in Mozilla Firefox
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
network
mozilla CWE-310
critical
9.3
2009-06-12 CVE-2009-2044 Improper Input Validation vulnerability in Mozilla Firefox
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
network
mozilla linux CWE-20
4.3
2009-06-12 CVE-2009-1841 Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
network
mozilla CWE-94
critical
9.3
2009-06-12 CVE-2009-1840 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
network
mozilla CWE-264
critical
9.3
2009-06-12 CVE-2009-1839 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack.
network
high complexity
mozilla CWE-264
5.4
2009-06-12 CVE-2009-1838 Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
network
mozilla CWE-94
critical
9.3