Vulnerabilities > Mozilla > Firefox > 2.0.0.19

DATE CVE VULNERABILITY TITLE RISK
2013-04-03 CVE-2013-0789 Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/Seamonkey
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjects function and the nsAutoPtr class, and other vectors.
network
low complexity
mozilla
critical
10.0
2013-03-15 CVE-2013-2566 Inadequate Encryption Strength vulnerability in multiple products
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
network
high complexity
oracle fujitsu canonical mozilla CWE-326
5.9
2013-02-19 CVE-2013-0772 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.
5.8
2013-02-19 CVE-2013-0765 Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
network
mozilla opensuse canonical
critical
9.3
2013-01-13 CVE-2013-0751 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.
5.8
2012-11-21 CVE-2012-5837 Code Injection vulnerability in Mozilla Firefox
The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
network
mozilla CWE-94
6.8
2012-11-21 CVE-2012-5836 Code Injection vulnerability in multiple products
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the setting of Cascading Style Sheets (CSS) properties in conjunction with SVG text.
network
low complexity
mozilla opensuse suse canonical CWE-94
7.5
2012-11-21 CVE-2012-5830 Use After Free vulnerability in multiple products
Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 on Mac OS X allows remote attackers to execute arbitrary code via an HTML document.
network
low complexity
mozilla redhat canonical opensuse suse CWE-416
8.8
2012-11-21 CVE-2012-4218 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the BuildTextRunsScanner::BreakSink::SetBreaks function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
network
low complexity
mozilla canonical opensuse suse CWE-416
critical
10.0
2012-11-21 CVE-2012-4217 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
9.3