Vulnerabilities > Mozilla > Firefox > 2.0.0.19

DATE CVE VULNERABILITY TITLE RISK
2009-04-22 CVE-2009-1303 Configuration vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
network
low complexity
mozilla CWE-16
5.0
2009-03-27 CVE-2009-1169 Resource Management Errors vulnerability in Mozilla Firefox
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
network
mozilla CWE-399
critical
9.3
2009-03-05 CVE-2009-0821 Resource Management Errors vulnerability in Mozilla Firefox
Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print function, as demonstrated by a window.print(window.print()) in the onclick attribute of an INPUT element.
network
low complexity
mozilla CWE-399
5.0
2009-03-05 CVE-2009-0777 Improper Input Validation vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks.
network
mozilla CWE-20
5.8
2009-03-05 CVE-2009-0776 Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect.
network
mozilla CWE-200
7.1
2009-03-05 CVE-2009-0775 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection.
network
low complexity
mozilla CWE-399
critical
10.0
2009-03-05 CVE-2009-0774 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773.
network
mozilla CWE-399
critical
9.3
2009-03-05 CVE-2009-0773 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang.
network
low complexity
mozilla CWE-399
critical
10.0
2009-03-05 CVE-2009-0772 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption.
network
mozilla CWE-399
critical
9.3
2009-02-20 CVE-2009-0652 Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233.
network
mozilla
5.8