Vulnerabilities > Mozilla > Firefox > 2.0.0.9

DATE CVE VULNERABILITY TITLE RISK
2011-08-18 CVE-2011-2980 Remote Arbitrary Code Execution vulnerability in Mozilla Firefox and Thunderbird
Untrusted search path vulnerability in the ThinkPadSensor::Startup function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, allows local users to gain privileges by leveraging write access in an unspecified directory to place a Trojan horse DLL that is loaded into the running Firefox process.
local
low complexity
mozilla
7.2
2011-08-18 CVE-2011-2378 Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer."
network
low complexity
mozilla CWE-94
critical
10.0
2011-08-18 CVE-2011-0084 Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
network
low complexity
mozilla CWE-94
critical
10.0
2011-08-09 CVE-2008-7293 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
network
mozilla CWE-264
5.8
2011-06-30 CVE-2011-2605 Code Injection vulnerability in Mozilla Firefox and Thunderbird
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374.
network
mozilla CWE-94
4.3
2011-06-30 CVE-2011-2377 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
network
low complexity
mozilla CWE-119
5.0
2011-06-30 CVE-2011-2376 Memory Corruption vulnerability in Mozilla Firefox and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0
2011-06-30 CVE-2011-2375 Memory Corruption vulnerability in Mozilla Firefox and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0
2011-06-30 CVE-2011-2374 Memory Corruption vulnerability in Mozilla Firefox and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0
2011-06-30 CVE-2011-2373 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
network
high complexity
mozilla CWE-399
7.6