Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:mozilla:firefox:3.6.18:*:*:*:*:*:*:*
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-2378 |
The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointer." Published: August 18, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-0084 |
The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." Published: August 18, 2011; 2:55:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-7293 |
Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. Published: August 09, 2011; 3:55:01 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2011-2375 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. Published: June 30, 2011; 12:55:05 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2011-2370 |
Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors. Published: June 30, 2011; 12:55:05 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-2366 |
Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. Published: June 30, 2011; 11:55:03 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1187 |
Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak." Published: March 10, 2011; 9:01:18 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |