Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:seamonkey:1.1.14
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-1303 |
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree. Published: April 22, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1302 |
The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors. Published: April 22, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-0777 |
Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 decode invisible characters when they are displayed in the location bar, which causes an incorrect address to be displayed and makes it easier for remote attackers to spoof URLs and conduct phishing attacks. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2009-0776 |
nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 7.1 HIGH |
CVE-2009-0775 |
Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not properly handled during garbage collection. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-0774 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0773 |
The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to pass an incorrect argument to the ResizeSlots function, which triggers memory corruption; (2) vectors related to js_DecompileValueGenerator, jsopcode.cpp, __defineSetter__, and watch, which triggers an assertion failure or a segmentation fault; and (3) vectors related to gczeal, __defineSetter__, and watch, which triggers a hang. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-0772 |
The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection, which triggers memory corruption. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2009-0771 |
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption and assertion failures. Published: March 04, 2009; 9:30:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-0652 |
The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected. Published: February 20, 2009; 2:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2008-5913 |
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." Published: January 20, 2009; 11:30:00 AM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2008-0593 |
Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original URL, such as with Single-Signon systems. Published: February 08, 2008; 8:00:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-6497 |
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. Published: December 19, 2006; 8:28:00 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |