CVE-2009-1310
- EPSS 1.51%
- Veröffentlicht 22.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:00
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
CVE-2009-1311
- EPSS 2.31%
- Veröffentlicht 22.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:00
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during ...
CVE-2009-1312
- EPSS 5.57%
- Veröffentlicht 22.04.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:07:00
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or...
CVE-2009-1232
- EPSS 5.47%
- Veröffentlicht 02.04.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:49
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0...
CVE-2009-1169
- EPSS 10.46%
- Veröffentlicht 27.03.2009 00:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:38
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT trans...
CVE-2009-0581
- EPSS 2.5%
- Veröffentlicht 23.03.2009 14:19:12
- Zuletzt bearbeitet 16.06.2026 23:05:21
Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.
CVE-2009-0723
- EPSS 5.03%
- Veröffentlicht 23.03.2009 14:19:12
- Zuletzt bearbeitet 16.06.2026 23:05:38
Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer over...
CVE-2009-0733
- EPSS 5.53%
- Veröffentlicht 23.03.2009 14:19:12
- Zuletzt bearbeitet 16.06.2026 23:05:39
Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image ...
CVE-2009-1044
- EPSS 6.49%
- Veröffentlicht 23.03.2009 14:19:12
- Zuletzt bearbeitet 16.06.2026 23:06:22
Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils duri...
- EPSS 4.61%
- Veröffentlicht 05.03.2009 02:30:00
- Zuletzt bearbeitet 16.06.2026 23:05:46
The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption a...