Vulnerabilities > Mozilla > Firefox > 3.0.7

DATE CVE VULNERABILITY TITLE RISK
2009-12-17 CVE-2009-3986 Code Injection vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
network
high complexity
mozilla CWE-94
7.6
2009-12-17 CVE-2009-3985 Multiple vulnerability in RETIRED: Mozilla Firefox and SeaMonkey MFSA 2009-65 through -71
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
network
mozilla
6.8
2009-12-17 CVE-2009-3984 Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
network
mozilla
6.8
2009-12-17 CVE-2009-3983 Multiple vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
network
mozilla
6.8
2009-12-17 CVE-2009-3981 Remote Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla
critical
9.3
2009-12-17 CVE-2009-3979 Remote Memory Corruption vulnerability in Mozilla Firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
mozilla
critical
9.3
2009-11-19 CVE-2009-3978 Unspecified vulnerability in Mozilla Firefox
The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.
network
mozilla
4.3
2009-10-29 CVE-2009-3382 Remote Memory Corruption vulnerability in Mozilla Firefox
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
network
low complexity
mozilla
critical
10.0
2009-10-29 CVE-2009-3380 Remote Memory Corruption vulnerability in Mozilla Firefox
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0
2009-10-29 CVE-2009-3376 Configuration vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
network
mozilla CWE-16
critical
9.3