Vulnerabilities > Mozilla > Firefox > 3.0.12

DATE CVE VULNERABILITY TITLE RISK
2012-10-10 CVE-2012-3985 Cross-Site Scripting vulnerability in multiple products
Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.
4.3
2012-10-10 CVE-2012-3984 Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling. 6.8
2012-10-10 CVE-2012-3983 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla canonical suse CWE-119
critical
10.0
2012-08-29 CVE-2012-3975 Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code.
network
mozilla CWE-200
4.3
2012-08-29 CVE-2012-3973 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.
network
high complexity
mozilla CWE-264
7.6
2012-08-29 CVE-2012-3971 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions.
network
low complexity
mozilla CWE-119
critical
10.0
2012-08-29 CVE-2012-3965 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window.
network
mozilla CWE-264
critical
9.3
2012-08-29 CVE-2012-1971 Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to garbage collection after certain MethodJIT execution, and unknown other vectors.
network
mozilla
critical
9.3
2012-08-29 CVE-2012-1956 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
network
mozilla CWE-79
4.3
2012-06-05 CVE-2012-1938 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.
network
mozilla opensuse suse redhat
critical
9.3