Search CVE reports
2741 – 2750 of 3080 results
Some fixes available 4 of 11
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."
4 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1, xulrunner-1.9.2
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
| xulrunner-1.9.2 | — | — | — | — | — |
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat...
4 affected packages
firefox, firefox-3.0, firefox-3.5, iceweasel
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| firefox-3.0 | — | — | — | — | — |
| firefox-3.5 | — | — | — | — | — |
| iceweasel | — | — | — | — | — |
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified...
1 affected package
firefox-3.0
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox-3.0 | — | — | — | — | — |
Some fixes available 13 of 20
Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting...
5 affected packages
firefox, seamonkey, xulrunner, xulrunner-1.9, xulrunner-1.9.1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
Some fixes available 8 of 15
Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner...
5 affected packages
firefox, seamonkey, xulrunner, xulrunner-1.9, xulrunner-1.9.1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
Some fixes available 5 of 7
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
3 affected packages
firefox, xulrunner-1.9, xulrunner-1.9.1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
Some fixes available 21 of 29
Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an...
7 affected packages
firefox, mozilla-thunderbird, seamonkey, thunderbird, xulrunner...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
Some fixes available 10 of 22
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and...
6 affected packages
firefox, seamonkey, thunderbird, xulrunner, xulrunner-1.9, xulrunner-1.9.1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
Some fixes available 21 of 29
The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and...
7 affected packages
firefox, mozilla-thunderbird, seamonkey, thunderbird, xulrunner...
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| mozilla-thunderbird | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |
Some fixes available 10 of 22
The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks...
6 affected packages
firefox, seamonkey, thunderbird, xulrunner, xulrunner-1.9, xulrunner-1.9.1
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| firefox | — | — | — | — | — |
| seamonkey | — | — | — | — | — |
| thunderbird | — | — | — | — | — |
| xulrunner | — | — | — | — | — |
| xulrunner-1.9 | — | — | — | — | — |
| xulrunner-1.9.1 | — | — | — | — | — |