Vulnerabilities > Mozilla > Firefox > 3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-02-04 | CVE-2009-0358 | Information Exposure vulnerability in Mozilla Firefox Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request. | 3.3 |
| 2009-02-04 | CVE-2009-0357 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not properly restrict access from web pages to the (1) Set-Cookie and (2) Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. | 5.0 |
| 2009-02-04 | CVE-2009-0355 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox components/sessionstore/src/nsSessionStore.js in Mozilla Firefox before 3.0.6 does not block changes of INPUT elements to type="file" during tab restoration, which allows user-assisted remote attackers to read arbitrary files on a client machine via a crafted INPUT element. | 5.4 |
| 2009-02-04 | CVE-2009-0353 | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine. | 10.0 |
| 2009-02-04 | CVE-2009-0352 | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the layout engine and destruction of arbitrary layout objects by the nsViewManager::Composite function. | 10.0 |
| 2009-01-08 | CVE-2009-0071 | Resource Management Errors vulnerability in Mozilla Firefox Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. | 2.6 |
| 2008-12-17 | CVE-2008-5512 | Permissions, Privileges, and Access Controls vulnerability in multiple products Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." | 6.8 |
| 2008-12-17 | CVE-2008-5510 | Remote vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | 5.0 |
| 2008-12-17 | CVE-2008-5508 | Improper Input Validation vulnerability in multiple products Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. | 4.3 |
| 2008-12-17 | CVE-2008-5507 | Information Exposure vulnerability in multiple products Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. | 6.0 |