Vulnerabilities > Mozilla > Firefox > 3.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-07-20 | CVE-2009-2535 | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692. | 5.0 |
2009-07-16 | CVE-2009-2479 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. | 7.8 |
2009-07-01 | CVE-2009-0689 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. | 6.8 |
2009-06-15 | CVE-2009-2065 | Improper Authentication vulnerability in Mozilla Firefox Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages." | 6.8 |
2009-06-15 | CVE-2009-2061 | Cryptographic Issues vulnerability in Mozilla Firefox Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. | 9.3 |
2009-06-12 | CVE-2009-2044 | Improper Input Validation vulnerability in Mozilla Firefox Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | 4.3 |
2009-06-12 | CVE-2009-2043 | Improper Input Validation vulnerability in Mozilla Firefox nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE. | 4.3 |
2009-06-12 | CVE-2009-1841 | Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter. | 9.3 |
2009-06-12 | CVE-2009-1840 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page. | 9.3 |
2009-06-12 | CVE-2009-1839 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "file-URL-to-file-URL scripting" attack. | 5.4 |