Vulnerabilities > Mozilla > Firefox > 2.0.0.21
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-04 | CVE-2009-2470 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | 5.0 |
| 2009-08-03 | CVE-2009-2654 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | 5.8 |
| 2009-07-22 | CVE-2009-2471 | Unspecified vulnerability in Mozilla Firefox The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. | 10.0 |
| 2009-07-22 | CVE-2009-2469 | Resource Management Errors vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | 10.0 |
| 2009-07-22 | CVE-2009-2468 | Numeric Errors vulnerability in Mozilla Firefox Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194. | 10.0 |
| 2009-07-22 | CVE-2009-2467 | Unspecified vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object. | 10.0 |
| 2009-07-22 | CVE-2009-2466 | Resource Management Errors vulnerability in Mozilla Firefox and Thunderbird The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. | 10.0 |
| 2009-07-22 | CVE-2009-2465 | Resource Management Errors vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function. | 10.0 |
| 2009-07-22 | CVE-2009-2464 | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element. | 10.0 |
| 2009-07-22 | CVE-2009-2463 | Numeric Errors vulnerability in Mozilla Firefox and Thunderbird Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows. | 10.0 |