Vulnerabilities > Mozilla > Firefox > 3.0.12

DATE CVE VULNERABILITY TITLE RISK
2010-04-05 CVE-2010-0173 Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla
critical
9.3
2010-03-26 CVE-2010-1125 Information Exposure vulnerability in Mozilla Firefox and Seamonkey
The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.
network
mozilla CWE-200
5.8
2010-03-25 CVE-2010-0171 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object.
network
mozilla CWE-79
4.3
2010-03-25 CVE-2010-0169 Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to the XUL cache, which might allow remote attackers to modify the browser's font and other CSS attributes, and potentially disrupt rendering of a web page, by forcing the browser to perform this erroneous stylesheet caching.
network
low complexity
mozilla
5.0
2010-03-25 CVE-2010-0167 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.
network
mozilla CWE-119
critical
9.3
2010-02-22 CVE-2010-0162 Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document.
network
mozilla CWE-79
4.3
2010-02-22 CVE-2010-0160 Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
network
low complexity
mozilla CWE-399
critical
10.0
2010-02-22 CVE-2010-0159 Remote Memory Corruption vulnerability in Mozilla Firefox
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlockFrame::StealFrame function in layout/generic/nsBlockFrame.cpp, and unspecified other vectors.
network
low complexity
mozilla debian canonical
critical
10.0
2010-02-22 CVE-2009-3988 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArguments values.
network
low complexity
mozilla CWE-264
5.0
2010-02-22 CVE-2009-1571 Code Injection vulnerability in Mozilla Firefox and Seamonkey
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt to access freed objects in low-memory situations.
network
low complexity
mozilla CWE-94
critical
10.0