Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:firefox:4.0:beta12
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-2369 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity. Published: June 30, 2011; 12:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2368 |
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Published: June 30, 2011; 12:55:05 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-2367 |
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors. Published: June 30, 2011; 12:55:05 PM -0400 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2011-2598 |
The WebGL implementation in Mozilla Firefox 4.x allows remote attackers to obtain screenshots of the windows of arbitrary desktop applications via vectors involving an SVG filter, an IFRAME element, and uninitialized data in graphics memory. Published: June 30, 2011; 11:55:04 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2366 |
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Published: June 30, 2011; 11:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-0082 |
The X.509 certificate validation functionality in Mozilla Firefox 4.0.x through 4.0.1 does not properly implement single-session security exceptions, which might make it easier for user-assisted remote attackers to spoof an SSL server via an untrusted certificate that triggers potentially unwanted local caching of documents from that server. Published: June 06, 2011; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-0081 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: May 07, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0079 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/layers/d3d10/ReadbackManagerD3D10.cpp and unknown other vectors. Published: May 07, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0070 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. Published: May 07, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0069 |
Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. Published: May 07, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-1300 |
The Program::getActiveUniformMaxLength function in libGLESv2/Program.cpp in libGLESv2.dll in the WebGLES library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox 4.x before 4.0.1 on Windows and in the GPU process in Google Chrome before 10.0.648.205 on Windows, allows remote attackers to execute arbitrary code via unspecified vectors, related to an "off-by-three" error. Published: April 15, 2011; 3:55:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |