Vulnerabilities > Mozilla > Firefox > 3.0.12

DATE CVE VULNERABILITY TITLE RISK
2012-11-21 CVE-2012-4212 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.
network
low complexity
mozilla canonical opensuse suse CWE-416
critical
10.0
2012-11-21 CVE-2012-4208 Information Exposure vulnerability in multiple products
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions on reading DOM object properties via a crafted web site.
4.3
2012-11-21 CVE-2012-4205 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on.
6.8
2012-11-21 CVE-2012-4204 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The str_unescape function in the JavaScript engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
9.3
2012-11-21 CVE-2012-4203 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
network
mozilla CWE-264
6.8
2012-10-12 CVE-2012-4191 Out-Of-Bounds Write vulnerability in multiple products
The mozilla::net::FailDelayManager::Lookup function in the WebSockets implementation in Mozilla Firefox before 16.0.1, Thunderbird before 16.0.1, and SeaMonkey before 2.13.1 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
network
mozilla canonical CWE-787
critical
9.3
2012-10-12 CVE-2012-4190 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
network
low complexity
mozilla cyanogenmod CWE-119
critical
10.0
2012-10-10 CVE-2012-5354 Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has multiple menus of SELECT elements active, which allows remote attackers to conduct clickjacking attacks via vectors involving an XPI file, the window.open method, and the Geolocation API, a different vulnerability than CVE-2012-3984.
network
mozilla
6.8
2012-10-10 CVE-2012-3989 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion failure) via a crafted web site.
network
mozilla canonical suse CWE-119
critical
9.3
2012-10-10 CVE-2012-3987 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
network
high complexity
mozilla google CWE-264
4.0