Search Results (Refine Search)
- CPE Product Version: cpe:/a:mozilla:seamonkey:2.0.11
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-0054 |
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" issue. Published: March 02, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0053 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: March 02, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0051 |
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges. Published: March 02, 2011; 3:00:01 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-1585 |
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element. Published: April 28, 2010; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |