Vulnerabilities > Mozilla > Firefox > 3.0.5

DATE CVE VULNERABILITY TITLE RISK
2010-10-21 CVE-2010-3177 Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
network
mozilla CWE-79
4.3
2010-10-21 CVE-2010-3173 Cryptographic Issues vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
network
low complexity
mozilla CWE-310
7.5
2010-10-21 CVE-2010-3170 Cryptographic Issues vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
network
mozilla CWE-310
4.3
2010-09-09 CVE-2010-3169 Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla
critical
9.3
2010-09-09 CVE-2010-3168 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties.
network
mozilla CWE-119
critical
9.3
2010-09-09 CVE-2010-3167 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a "dangling pointer vulnerability."
network
mozilla CWE-119
critical
9.3
2010-09-09 CVE-2010-3166 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run.
network
mozilla CWE-119
critical
9.3
2010-09-09 CVE-2010-2770 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Mac OS X allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted font in a data: URL.
network
mozilla apple CWE-119
critical
9.3
2010-09-09 CVE-2010-2769 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled.
network
mozilla CWE-79
4.3
2010-09-09 CVE-2010-2768 Cross-Site Scripting vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding.
network
mozilla CWE-79
4.3