Search Results
- CPE Product Version: cpe:/a:mozilla:firefox:4.0:beta12
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-1501 | Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. Published: March 19, 2014; 6:55:06 AM -0400 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2014-1489 | Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. Published: February 06, 2014; 12:44:25 AM -0500 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-1484 | Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application. Published: February 06, 2014; 12:44:24 AM -0500 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-5611 | Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation. Published: December 11, 2013; 10:55:12 AM -0500 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2013-0790 | Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in. Published: April 03, 2013; 7:56:21 AM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2013-0751 | Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. Published: January 13, 2013; 3:55:01 PM -0500 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2012-5837 | The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string. Published: November 21, 2012; 7:55:03 AM -0500 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4210 | The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. Published: November 21, 2012; 7:55:02 AM -0500 | V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-4206 | Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory. Published: November 21, 2012; 7:55:01 AM -0500 | V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2012-4203 | The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark. Published: November 21, 2012; 7:55:01 AM -0500 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-4190 | The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. Published: October 12, 2012; 6:44:20 AM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2012-3993 | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. Published: October 10, 2012; 1:55:02 PM -0400 | V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-3987 | Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. Published: October 10, 2012; 1:55:01 PM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-3980 | The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. Published: August 29, 2012; 6:56:41 AM -0400 | V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2012-3979 | Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the `__android_log_print` function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. Published: August 29, 2012; 6:56:41 AM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3978 | The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code. Published: August 29, 2012; 6:56:41 AM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2012-3975 | The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by providing crafted data to privileged extension code. Published: August 29, 2012; 6:56:41 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-3974 | Untrusted search path vulnerability in the installer in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 on Windows allows local users to gain privileges via a Trojan horse executable file in a root directory. Published: August 29, 2012; 6:56:41 AM -0400 | V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2012-3973 | The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. Published: August 29, 2012; 6:56:41 AM -0400 | V3.x:(not available) V2.0: 7.6 HIGH |
CVE-2012-3971 | Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the (1) Silf::readClassMap and (2) Pass::readPass functions. Published: August 29, 2012; 6:56:40 AM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |