Vulnerabilities > Mozilla > Firefox > 21.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-06-26 | CVE-2013-1690 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location. | 8.8 |
| 2013-06-26 | CVE-2013-1688 | Code Injection vulnerability in Mozilla Firefox The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site. | 9.3 |
| 2013-06-26 | CVE-2013-1683 | Memory Corruption vulnerability in Mozilla Firefox/Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
| 2013-03-15 | CVE-2013-2566 | Inadequate Encryption Strength vulnerability in multiple products The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext. | 5.9 |
| 2012-05-01 | CVE-2011-3079 | Resource Management Errors vulnerability in multiple products The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. | 10.0 |