Vulnerabilities > Mozilla > Firefox > 2.0.0.9

DATE CVE VULNERABILITY TITLE RISK
2008-09-24 CVE-2008-4061 Numeric Errors vulnerability in multiple products
Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.
network
low complexity
mozilla debian canonical CWE-189
critical
10.0
2008-09-24 CVE-2008-4060 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.
network
low complexity
mozilla CWE-264
7.5
2008-09-24 CVE-2008-4059 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.
network
low complexity
mozilla CWE-264
7.5
2008-09-24 CVE-2008-4058 Permissions, Privileges, and Access Controls vulnerability in multiple products
The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.
network
low complexity
mozilla debian canonical CWE-264
7.5
2008-09-24 CVE-2008-3837 Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird
Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.
network
mozilla debian canonical
critical
9.3
2008-09-24 CVE-2008-3835 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.
network
low complexity
mozilla CWE-264
7.5
2008-09-24 CVE-2008-0016 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
network
low complexity
mozilla CWE-119
critical
10.0
2008-07-17 CVE-2008-2933 Improper Input Validation vulnerability in Mozilla Firefox
Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' (pipe) characters in a command-line URI as requests to open multiple tabs, which allows remote attackers to access chrome:i URIs, or read arbitrary local files via manipulations involving a series of URIs that is not entirely handled by a vector application, as exploited in conjunction with CVE-2008-2540.
network
high complexity
mozilla CWE-20
2.6
2008-07-08 CVE-2008-2809 Improper Input Validation vulnerability in multiple products
Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and other Mozilla-based web browsers, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regard the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
network
high complexity
mozilla netscape CWE-20
4.0
2008-07-07 CVE-2008-2811 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines.
network
low complexity
mozilla CWE-399
critical
10.0