Vulnerabilities > Mozilla > Firefox > 2.0.0.9

DATE CVE VULNERABILITY TITLE RISK
2014-12-11 CVE-2014-8631 Improper Access Control vulnerability in Mozilla Firefox and Seamonkey
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.
network
mozilla CWE-284
4.3
2014-12-11 CVE-2014-1594 Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 might allow remote attackers to execute arbitrary code by leveraging an incorrect cast from the BasicThebesLayer data type to the BasicContainerLayer data type.
network
mozilla CWE-20
6.8
2014-12-11 CVE-2014-1593 Buffer Errors vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey
Stack-based buffer overflow in the mozilla::FileBlockCache::Read function in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code via crafted media content.
network
mozilla CWE-119
6.8
2014-12-11 CVE-2014-1592 Use After Free Memory Corruption vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey
Use-after-free vulnerability in the nsHtml5TreeOperation function in xul.dll in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to execute arbitrary code by adding a second root element to an HTML5 document during parsing.
network
mozilla
6.8
2014-12-11 CVE-2014-1590 Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey
The XMLHttpRequest.prototype.send method in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allows remote attackers to cause a denial of service (application crash) via a crafted JavaScript object.
network
mozilla CWE-20
4.3
2014-12-11 CVE-2014-1589 Improper Access Control vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide stylesheets with an incorrect primary namespace, which allows remote attackers to bypass intended access restrictions via an XBL binding.
network
mozilla CWE-284
6.8
2014-12-11 CVE-2014-1588 Memory Corruption vulnerability in Mozilla Firefox/Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla
6.8
2014-12-11 CVE-2014-1587 Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Seamonkey
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla CWE-20
6.8
2014-10-15 CVE-2014-1584 Cryptographic Issues vulnerability in Mozilla Firefox
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 skips pinning checks upon an unspecified issuer-verification error, which makes it easier for remote attackers to bypass an intended pinning configuration and spoof a web site via a crafted certificate that leads to presentation of the Untrusted Connection dialog to the user.
network
mozilla CWE-310
4.3
2014-10-15 CVE-2014-1582 Cryptographic Issues vulnerability in Mozilla Firefox
The Public Key Pinning (PKP) implementation in Mozilla Firefox before 33.0 does not properly consider the connection-coalescing behavior of SPDY and HTTP/2 in the case of a shared IP address, which allows man-in-the-middle attackers to bypass an intended pinning configuration and spoof a web site by providing a valid certificate from an arbitrary recognized Certification Authority.
network
mozilla CWE-310
4.3