Vulnerabilities > Mozilla > Firefox > 3.0.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-12-17 | CVE-2009-3986 | Code Injection vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property. | 7.6 |
2009-12-17 | CVE-2009-3985 | Multiple vulnerability in RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71 Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654. network mozilla | 6.8 |
2009-12-17 | CVE-2009-3984 | Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body. network mozilla | 6.8 |
2009-12-17 | CVE-2009-3983 | Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user. network mozilla | 6.8 |
2009-12-17 | CVE-2009-3981 | Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2009-12-17 | CVE-2009-3979 | Remote Memory Corruption vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2009-11-19 | CVE-2009-3978 | Unspecified vulnerability in Mozilla Firefox The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373. network mozilla | 4.3 |
2009-08-04 | CVE-2009-2664 | Resource Management Errors vulnerability in Mozilla Firefox The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary code via a crafted .js file, related to a "memory safety bug." NOTE: this was originally reported as affecting versions before 3.0.13. | 5.0 |
2009-08-04 | CVE-2009-2663 | Resource Management Errors vulnerability in Mozilla Firefox libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .ogg file. | 9.3 |
2009-08-04 | CVE-2009-2470 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply. | 5.0 |