Vulnerabilities > Mozilla > Firefox > 3.5.2

DATE CVE VULNERABILITY TITLE RISK
2013-06-26 CVE-2013-1688 Code Injection vulnerability in Mozilla Firefox
The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.
network
mozilla CWE-94
critical
9.3
2013-06-26 CVE-2013-1683 Memory Corruption vulnerability in Mozilla Firefox/Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0
2013-05-16 CVE-2013-1675 Improper Initialization vulnerability in multiple products
Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 do not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
network
low complexity
mozilla canonical debian redhat opensuse CWE-665
6.5
2013-05-16 CVE-2013-1673 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not properly maintain Mozilla Maintenance Service registry entries in certain situations involving upgrades from older Firefox versions, which allows local users to gain privileges by leveraging write access to a "trusted path."
6.9
2013-05-16 CVE-2013-1671 Improper Input Validation vulnerability in Mozilla Firefox
Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site.
network
mozilla CWE-20
4.3
2013-05-16 CVE-2013-1669 Memory Corruption vulnerability in Mozilla Firefox and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0
2013-04-03 CVE-2013-0798 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox
Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used.
4.3
2013-04-03 CVE-2013-0794 Information Disclosure vulnerability in Mozilla Firefox/SeaMonkey
Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.
network
mozilla
5.8
2013-04-03 CVE-2013-0792 Information Exposure vulnerability in Mozilla Firefox and Seamonkey
Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a grayscale PNG image.
network
mozilla CWE-200
4.3
2013-04-03 CVE-2013-0790 Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/Seamonkey
Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in.
network
low complexity
mozilla google
critical
10.0