Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:thunderbird:2.0.0.14
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-2802 |
Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level." Published: July 07, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-2803 |
The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from (1) file: URIs, (2) data: URIs, or (3) certain non-canonical chrome: URIs, which allows remote attackers to execute arbitrary code via vectors involving third-party add-ons. Published: July 07, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-2811 |
The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, related to nsBlockFrame::DrainOverflowLines. Published: July 07, 2008; 7:41:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-2785 |
Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code via a large number of references to a common CSS object, leading to a counter overflow and a free of in-use memory, aka ZDI-CAN-349. Published: June 19, 2008; 5:41:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |