Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:thunderbird:3.1.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-2363 |
Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. Published: June 30, 2011; 12:55:05 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-2362 |
Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. Published: June 30, 2011; 12:55:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-0085 |
Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. Published: June 30, 2011; 12:55:04 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0083 |
Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. Published: June 30, 2011; 12:55:04 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-2366 |
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Published: June 30, 2011; 11:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1187 |
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Published: March 10, 2011; 9:01:18 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |