Filtered by vendor Mozilla
Subscriptions
Filtered by product Firefox
Subscriptions
Total
2623 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-2984 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-06 | N/A |
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | ||||
CVE-2011-2668 | 1 Mozilla | 1 Firefox | 2024-08-06 | 8.8 High |
Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header | ||||
CVE-2011-2669 | 1 Mozilla | 1 Firefox | 2024-08-06 | 6.5 Medium |
Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates. | ||||
CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2024-08-06 | N/A |
EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | ||||
CVE-2011-2670 | 1 Mozilla | 1 Firefox | 2024-08-06 | 6.1 Medium |
Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets | ||||
CVE-2011-2605 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-08-06 | N/A |
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a \n (newline) character, which is not properly handled in a JavaScript "document.cookie =" expression, a different vulnerability than CVE-2011-2374. | ||||
CVE-2011-2598 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory. | ||||
CVE-2011-2369 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. | ||||
CVE-2011-2368 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | ||||
CVE-2011-2374 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2011-2371 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-06 | N/A |
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | ||||
CVE-2011-2377 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-06 | N/A |
Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image. | ||||
CVE-2011-2376 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2011-2364 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-08-06 | N/A |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. | ||||
CVE-2011-2375 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2024-08-06 | N/A |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | ||||
CVE-2011-2366 | 1 Mozilla | 3 Firefox, Gecko, Thunderbird | 2024-08-06 | N/A |
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. | ||||
CVE-2011-2363 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-06 | N/A |
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | ||||
CVE-2011-2373 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-06 | N/A |
Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | ||||
CVE-2011-2378 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-06 | N/A |
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." | ||||
CVE-2011-2372 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-08-06 | N/A |
Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. |