CVE search results

121 – 130 of 148 results

Detailed view

Sort by:

CVE-2009-3376

Low priority

Fixed

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof...

5 affected packages

firefox-3.0, firefox-3.5, thunderbird, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
thunderbird	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3375

Low priority

Fixed

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the...

4 affected packages

firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3374

Medium priority

Fixed

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects...

4 affected packages

firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3371

Medium priority

Fixed

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.

2 affected packages

firefox-3.5, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.5	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3370

Medium priority

Fixed

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form,...

2 affected packages

firefox-3.5, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.5	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3079

Medium priority

Fixed

Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

4 affected packages

firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3078

Low priority

Fixed

Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.

4 affected packages

firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3077

Medium priority

Fixed

Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document,...

5 affected packages

firefox-3.0, firefox-3.5, thunderbird, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
thunderbird	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3075

Medium priority

Fixed

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service...

5 affected packages

firefox-3.0, firefox-3.5, thunderbird, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
thunderbird	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

CVE-2009-3074

Medium priority

Fixed

Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

4 affected packages

firefox-3.0, firefox-3.5, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
firefox-3.0	—	—	—	—
firefox-3.5	—	—	—	—
xulrunner-1.9	—	—	—	—
xulrunner-1.9.1	—	—	—	—

Export to JSON

Results by page:

Search CVE reports