Vulnerabilities > Mozilla > Firefox > 2.0.0.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-31 | CVE-2009-3010 | Cross-Site Scripting vulnerability in Mozilla Firefox, Mozilla and Seamonkey Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; SeaMonkey 1.1.17; and Mozilla 1.7.x and earlier do not properly block data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header. | 4.3 |
| 2009-08-04 | CVE-2009-2664 | Resource Management Errors vulnerability in Mozilla Firefox The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. | 5.0 |
| 2009-08-04 | CVE-2009-2663 | Resource Management Errors vulnerability in Mozilla Firefox libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. | 9.3 |
| 2009-08-04 | CVE-2009-2662 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/src/jstracer.cpp, and unspecified other vectors. | 10.0 |
| 2009-08-04 | CVE-2009-2470 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | 5.0 |
| 2009-08-03 | CVE-2009-2654 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page. | 5.8 |
| 2009-07-30 | CVE-2009-2408 | Improper Certificate Validation vulnerability in multiple products Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. | 5.9 |
| 2009-07-22 | CVE-2009-2472 | Cross-Site Scripting vulnerability in multiple products Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass." | 4.3 |
| 2009-07-22 | CVE-2009-2471 | Unspecified vulnerability in Mozilla Firefox The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper. | 10.0 |
| 2009-07-22 | CVE-2009-2469 | Resource Management Errors vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation. | 10.0 |