Vulnerabilities > Mozilla > Firefox > 3.5.2

DATE CVE VULNERABILITY TITLE RISK
2011-05-07 CVE-2011-0065 Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
network
low complexity
mozilla CWE-399
critical
10.0
2011-04-15 CVE-2011-1712 Information Exposure vulnerability in Mozilla Firefox and Seamonkey
The txXPathNodeUtils::getXSLTId function in txMozillaXPathTreeWalker.cpp and txStandaloneXPathTreeWalker.cpp in Mozilla Firefox before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1, and SeaMonkey before 2.0.14, allows remote attackers to obtain potentially sensitive information about heap memory addresses via an XML document containing a call to the XSLT generate-id XPath function.
network
mozilla CWE-200
4.3
2011-03-11 CVE-2011-1187 Information Exposure vulnerability in Google Chrome
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."
network
low complexity
google mozilla CWE-200
5.0
2011-03-02 CVE-2011-0059 Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Firefox and Seamonkey
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
network
mozilla CWE-352
6.8
2011-03-02 CVE-2011-0058 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
network
low complexity
mozilla microsoft CWE-119
critical
10.0
2011-03-02 CVE-2011-0057 Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
network
low complexity
mozilla CWE-399
critical
10.0
2011-03-02 CVE-2011-0056 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.
network
low complexity
mozilla CWE-119
critical
10.0
2011-03-02 CVE-2011-0055 Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey
Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js_HasOwnProperty function and garbage collection.
network
low complexity
mozilla CWE-399
critical
10.0
2011-03-02 CVE-2011-0054 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue.
network
low complexity
mozilla CWE-119
critical
10.0
2011-03-02 CVE-2011-0053 Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
10.0