Vulnerabilities > Mozilla > Firefox > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-10-29 | CVE-2009-3372 | Unspecified vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file. | 9.3 |
2009-10-29 | CVE-2009-3373 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox and Seamonkey Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2009-10-29 | CVE-2009-3376 | Configuration vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file. | 9.3 |
2009-10-29 | CVE-2009-3377 | Remote Memory Corruption vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-10-29 | CVE-2009-3378 | Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3 The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file. | 9.3 |
2009-10-29 | CVE-2009-3379 | Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3 Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-10-29 | CVE-2009-3380 | Remote Memory Corruption vulnerability in Mozilla Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-10-29 | CVE-2009-3381 | Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |
2009-10-29 | CVE-2009-3382 | Remote Memory Corruption vulnerability in Mozilla Firefox layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | 10.0 |
2009-10-29 | CVE-2009-3383 | Remote Memory Corruption vulnerability in Mozilla Firefox 3.5.1/3.5.2/3.5.3 Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 10.0 |