Vulnerabilities > Mozilla > Firefox > 3.6.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-07-30 | CVE-2010-1210 | Improper Input Validation vulnerability in Mozilla Firefox and Thunderbird intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text. | 4.3 |
2010-07-30 | CVE-2010-1209 | Resource Management Errors vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, related to the NodeIterator interface and a javascript callback. | 9.3 |
2010-07-30 | CVE-2010-1208 | Use After Free vulnerability in Mozilla Firefox and Seamonkey Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via vectors related to deletion of an event attribute node with a nonzero reference count. | 8.8 |
2010-07-30 | CVE-2010-1207 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not properly implement read restrictions for CANVAS elements, which allows remote attackers to obtain sensitive cross-origin information via vectors involving reference retention and node deletion. | 4.3 |
2010-07-30 | CVE-2010-2754 | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler. | 5.0 |
2010-06-30 | CVE-2010-1205 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | 9.8 |
2010-06-25 | CVE-2010-1206 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Seamonkey The startDocumentLoad function in browser/base/content/browser.js in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, does not properly implement the Same Origin Policy in certain circumstances related to the about:blank document and a document that is currently loading, which allows (1) remote web servers to conduct spoofing attacks via vectors involving a 204 (aka No Content) status code, and allows (2) remote attackers to conduct spoofing attacks via vectors involving a window.stop call. | 4.3 |
2010-06-24 | CVE-2010-1203 | Remote vulnerability in RETIRED: Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2010-26/27/28/29/30/32 The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp. | 9.3 |
2010-06-24 | CVE-2010-1202 | Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2010-06-24 | CVE-2010-1200 | Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |