Vulnerabilities > Mozilla > Firefox > 4.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-03-11 | CVE-2011-1187 | Information Exposure vulnerability in Google Chrome Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." | 5.0 |
2010-12-09 | CVE-2010-4508 | Unspecified vulnerability in Mozilla Firefox 4.0 The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification. | 10.0 |
2010-09-15 | CVE-2010-3399 | Cryptographic Issues vulnerability in Mozilla Firefox The js_InitRandom function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a context pointer in conjunction with its successor pointer for seeding of a random number generator, which makes it easier for remote attackers to guess the seed value via a brute-force attack, a different vulnerability than CVE-2010-3171. | 5.8 |
2010-09-15 | CVE-2010-3171 | Cryptographic Issues vulnerability in Mozilla Firefox The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913. | 5.8 |