Vulnerabilities > Mozilla > Firefox > 2.0.0.17
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-12 | CVE-2009-1836 | Improper Authentication vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack. | 6.8 |
2009-06-12 | CVE-2009-1835 | Information Exposure vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via a crafted HTML document, as demonstrated by a URL with file://example.com/C:/ at the beginning. | 4.3 |
2009-06-12 | CVE-2009-1834 | Improper Input Validation vulnerability in Mozilla Firefox and Seamonkey Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115E characters. | 4.3 |
2009-06-12 | CVE-2009-1833 | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors. | 9.3 |
2009-06-12 | CVE-2009-1832 | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction." | 9.3 |
2009-04-22 | CVE-2009-1312 | Configuration vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. | 4.3 |
2009-04-22 | CVE-2009-1311 | Information Exposure vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame. | 4.3 |
2009-04-22 | CVE-2009-1310 | Cross-Site Scripting vulnerability in Mozilla Firefox Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element. | 4.3 |
2009-04-22 | CVE-2009-1309 | Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document. | 4.3 |
2009-04-22 | CVE-2009-1307 | Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI. | 6.8 |