Search CVE reports
101 – 110 of 163 results
CVE-2009-2665
Medium prioritySome fixes available 1 of 2
The nsDocument::SetScriptGlobalObject function in content/base/src/nsDocument.cpp in Mozilla Firefox 3.5.x before 3.5.2, when certain add-ons are enabled, does not properly handle a Link HTTP header, which allows remote attackers...
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2664
Medium prioritySome fixes available 1 of 2
The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla Firefox before 3.0.12 allows remote attackers to cause a denial of service (assertion failure and application exit) or possibly execute arbitrary...
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2662
Medium prioritySome fixes available 1 of 2
The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to...
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2470
Low prioritySome fixes available 1 of 2
Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote SOCKS5 proxy servers to cause a denial of service (data stream corruption) via a long domain name in a reply.
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2663
Medium prioritySome fixes available 4 of 6
libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 and other products, allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary...
4 affected packages
firefox, libvorbis, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| libvorbis | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2654
Medium priorityMozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL,...
4 affected packages
firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox-3.0 | — | — | — | — | — |
| firefox-3.5 | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2408
Medium priorityMozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN)...
5 affected packages
nss, openssl, xulrunner, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| nss | — | — | — | — | — |
| openssl | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2471
Medium prioritySome fixes available 5 of 6
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2472
Medium prioritySome fixes available 5 of 6
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a...
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
CVE-2009-2469
Medium prioritySome fixes available 5 of 6
Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and...
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |