- EPSS 13.23%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:30
The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arb...
- EPSS 5.41%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:30
Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cp...
- EPSS 6.62%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:30
The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2...
- EPSS 5.42%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:30
Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash ...
- EPSS 6.33%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:30
Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ...
- EPSS 5.56%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:31
Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or ...
- EPSS 3.73%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:31
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.
CVE-2009-2472
- EPSS 2.24%
- Veröffentlicht 22.07.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:31
Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, re...
- EPSS 9.4%
- Veröffentlicht 20.07.2009 18:30:01
- Zuletzt bearbeitet 16.06.2026 23:09:39
Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and Thunderbird allow remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a re...
- EPSS 7.81%
- Veröffentlicht 16.07.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:09:32
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."