Vulnerabilities > Mozilla > Firefox > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-12-09 | CVE-2010-4508 | Unspecified vulnerability in Mozilla Firefox 4.0 The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification. | 10.0 |
| 2010-10-28 | CVE-2010-3765 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | 9.3 |
| 2010-10-21 | CVE-2010-3174 | Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
| 2010-10-21 | CVE-2010-3175 | Memory-Corruption vulnerability in Mozilla Firefox and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
| 2010-10-21 | CVE-2010-3176 | Memory-Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
| 2010-10-21 | CVE-2010-3179 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. | 9.3 |
| 2010-10-21 | CVE-2010-3180 | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | 9.3 |
| 2010-10-21 | CVE-2010-3183 | Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. | 9.3 |
| 2010-09-09 | CVE-2010-2760 | Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a "dangling pointer vulnerability." NOTE: this issue exists because of an incomplete fix for CVE-2010-2753. | 9.3 |
| 2010-09-09 | CVE-2010-2765 | Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow. | 9.3 |