Vulnerabilities > Mozilla > Firefox > 2.0.0.19

DATE CVE VULNERABILITY TITLE RISK
2012-05-01 CVE-2011-3079 Resource Management Errors vulnerability in multiple products
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
network
low complexity
opensuse google mozilla CWE-399
critical
10.0
2012-02-01 CVE-2012-0449 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
network
mozilla debian opensuse suse CWE-119
critical
9.3
2012-02-01 CVE-2012-0444 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
network
low complexity
mozilla debian opensuse suse canonical CWE-119
critical
10.0
2012-02-01 CVE-2012-0442 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla debian opensuse suse
critical
9.3
2012-02-01 CVE-2011-3670 Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
network
low complexity
mozilla CWE-200
5.0
2012-02-01 CVE-2011-3659 USE After Free vulnerability in multiple products
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
network
mozilla opensuse suse CWE-416
critical
9.3
2011-12-21 CVE-2011-3666 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird
Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS X do not consider .jar files to be executable files, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted file.
6.8
2011-12-21 CVE-2011-3664 NULL Pointer Dereference Denial Of Service vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site.
network
mozilla apple
6.8
2011-12-07 CVE-2011-4688 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
network
low complexity
mozilla CWE-264
5.0
2011-12-07 CVE-2010-5074 Race Condition vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack.
network
mozilla CWE-362
4.3