CVE-2009-1836
- EPSS 2.03%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:09
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attacke...
CVE-2009-1837
- EPSS 4.33%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:09
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading,...
CVE-2009-1838
- EPSS 4.8%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:10
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary...
CVE-2009-1839
- EPSS 7.12%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:10
Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with a file: URL loaded through the location bar, which allows user-assisted remote attackers to bypass intended access restrictions and read files via a crafted HTML document, aka a "...
CVE-2009-1840
- EPSS 2.22%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:10
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated ...
CVE-2009-1841
- EPSS 4.8%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:10
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by t...
CVE-2009-2043
- EPSS 4.36%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:38
nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to interaction with TinyMCE.
CVE-2009-2044
- EPSS 5.89%
- Veröffentlicht 12.06.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:38
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
- EPSS 3.94%
- Veröffentlicht 29.05.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:08
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."
- EPSS 8.78%
- Veröffentlicht 29.05.2009 20:30:00
- Zuletzt bearbeitet 16.06.2026 23:08:08
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript on...