CVE-2010-0170
- EPSS 1.57%
- Veröffentlicht 25.03.2010 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:15:37
Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specifi...
CVE-2010-0171
- EPSS 1.78%
- Veröffentlicht 25.03.2010 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:15:37
Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) at...
CVE-2010-0172
- EPSS 1.41%
- Veröffentlicht 25.03.2010 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:15:37
toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the asynchronous Authorization Prompt implementation in Mozilla Firefox 3.6 before 3.6.2 does not properly handle concurrent authorization requests from multiple web sites, which might a...
CVE-2010-1028
- EPSS 8.82%
- Veröffentlicht 19.03.2010 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:17:22
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a b...
- EPSS 4.79%
- Veröffentlicht 22.02.2010 13:00:02
- Zuletzt bearbeitet 16.06.2026 23:15:35
The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ...
- EPSS 6.01%
- Veröffentlicht 22.02.2010 13:00:02
- Zuletzt bearbeitet 16.06.2026 23:15:35
The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly handle array data types for posted messages, which allows remote attackers to cause a denial of service (heap me...
CVE-2010-0162
- EPSS 2.97%
- Veröffentlicht 22.02.2010 13:00:02
- Zuletzt bearbeitet 16.06.2026 23:15:36
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving S...
- EPSS 6.39%
- Veröffentlicht 22.02.2010 13:00:01
- Zuletzt bearbeitet 16.06.2026 23:07:32
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that at...
- EPSS 2.15%
- Veröffentlicht 22.02.2010 13:00:01
- Zuletzt bearbeitet 16.06.2026 23:12:46
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-s...
CVE-2010-0648
- EPSS 1.25%
- Veröffentlicht 18.02.2010 18:00:00
- Zuletzt bearbeitet 16.06.2026 23:16:34
Mozilla Firefox, possibly before 3.6, allows remote attackers to discover a redirect's target URL, for the session of a specific user of a web site, by placing the site's URL in the HREF attribute of a stylesheet LINK element, and then reading the do...