Vulnerabilities > Mozilla > Firefox > 2.0.0.16

DATE CVE VULNERABILITY TITLE RISK
2008-09-24 CVE-2008-4063 Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird
Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and (1) a zero value of the "this" variable in the nsContentList::Item function; (2) interaction of the indic IME extension, a Hindi language selection, and the "g" character; and (3) interaction of the nsFrameList::SortByContentOrder function with a certain insufficient protection of inline frames.
network
canonical mozilla
critical
9.3
2008-09-24 CVE-2008-4062 Resource Management Errors vulnerability in multiple products
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.
network
low complexity
mozilla debian canonical CWE-399
critical
10.0
2008-09-24 CVE-2008-4061 Numeric Errors vulnerability in multiple products
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
network
low complexity
mozilla debian canonical CWE-189
critical
10.0
2008-09-24 CVE-2008-4060 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
network
low complexity
mozilla CWE-264
7.5
2008-09-24 CVE-2008-4059 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
network
low complexity
mozilla CWE-264
7.5
2008-09-24 CVE-2008-4058 Permissions, Privileges, and Access Controls vulnerability in multiple products
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
network
low complexity
mozilla debian canonical CWE-264
7.5
2008-09-24 CVE-2008-3837 Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
network
mozilla debian canonical
critical
9.3
2008-09-24 CVE-2008-3835 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
network
low complexity
mozilla CWE-264
7.5
2008-09-24 CVE-2008-0016 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
network
low complexity
mozilla CWE-119
critical
10.0