Vulnerabilities > Mozilla > Firefox > 3.0.7

DATE CVE VULNERABILITY TITLE RISK
2013-12-11 CVE-2013-5615 The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack vectors.
network
low complexity
mozilla canonical suse opensuse fedoraproject
7.5
2013-12-11 CVE-2013-5614 Improper Restriction of Rendered UI Layers OR Frames vulnerability in multiple products
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.
4.3
2013-12-11 CVE-2013-5613 USE After Free vulnerability in multiple products
Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function.
network
low complexity
mozilla fedoraproject suse opensuse redhat canonical CWE-416
critical
10.0
2013-12-11 CVE-2013-5612 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.
4.3
2013-12-11 CVE-2013-5611 Security Bypass vulnerability in Mozilla Firefox
Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.
5.8
2013-12-11 CVE-2013-5610 Out-Of-Bounds Write vulnerability in multiple products
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla oracle fedoraproject canonical opensuse suse CWE-787
critical
10.0
2013-12-11 CVE-2013-5609 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla fedoraproject suse opensuse canonical redhat
critical
10.0
2013-10-30 CVE-2013-5592 Remote Memory Corruption vulnerability in Mozilla Firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 25.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0
2013-09-18 CVE-2013-1738 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration.
network
mozilla CWE-399
critical
9.3
2013-09-18 CVE-2013-1731 Improper Input Validation vulnerability in Mozilla Firefox
Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory.
6.8