Vulnerabilities > Mozilla > Seamonkey > 2.0.9

DATE CVE VULNERABILITY TITLE RISK
2011-08-18 CVE-2011-0084 Code Injection vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."
network
low complexity
mozilla CWE-94
critical
 10.0
10
2011-06-30 CVE-2011-2377 Buffer Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.
network
low complexity
mozilla CWE-119
5.0
5.0
2011-06-30 CVE-2011-2373 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.
network
high complexity
mozilla CWE-399
7.6
7.6
2011-06-30 CVE-2011-2371 Numeric Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
network
low complexity
mozilla CWE-189
critical
 10.0
10
2011-06-30 CVE-2011-2363 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
network
low complexity
mozilla CWE-399
critical
 10.0
10
2011-06-30 CVE-2011-2362 Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.
network
low complexity
mozilla CWE-264
5.0
5.0
2011-06-30 CVE-2011-0085 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.
network
low complexity
mozilla CWE-399
critical
 10.0
10
2011-06-30 CVE-2011-0083 Resource Management Errors vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback.
network
low complexity
mozilla CWE-399
critical
 10.0
10
2011-05-07 CVE-2011-0080 Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
network
low complexity
mozilla
critical
 10.0
10
2011-05-07 CVE-2011-0078 Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077.
network
low complexity
mozilla
critical
 10.0
10