Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-1965 | 4.3 |
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascr
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2012-1966 | 4.3 |
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
|
21-10-2024 - 13:55 | 18-07-2012 - 10:26 | |
CVE-2010-2883 | 9.3 |
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF documen
|
28-06-2024 - 14:16 | 09-09-2010 - 22:00 | |
CVE-2010-0483 | 7.6 |
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (
|
26-02-2019 - 14:04 | 03-03-2010 - 19:30 | |
CVE-2013-0086 | 5.0 |
Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
|
12-10-2018 - 22:03 | 13-03-2013 - 00:55 | |
CVE-2011-3413 | 9.3 |
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory
|
12-10-2018 - 22:01 | 14-12-2011 - 00:55 | |
CVE-2010-0261 | 9.3 |
Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a
|
12-10-2018 - 21:56 | 10-03-2010 - 22:30 | |
CVE-2009-0565 | 9.3 |
Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Forma
|
12-10-2018 - 21:50 | 10-06-2009 - 18:00 | |
CVE-2009-3018 | 4.3 |
Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a
|
10-10-2018 - 19:42 | 31-08-2009 - 16:30 | |
CVE-2012-3965 | 9.3 |
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then
|
19-09-2017 - 01:35 | 29-08-2012 - 10:56 | |
CVE-2012-4203 | 6.8 |
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
|
19-09-2017 - 01:35 | 21-11-2012 - 12:55 | |
CVE-2010-1240 | 9.3 |
Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, do not restrict the contents of one text field in the Launch File warning dialog, which makes it easier for remote attackers to trick users into executing an arb
|
19-09-2017 - 01:30 | 05-04-2010 - 15:30 | |
CVE-2010-0220 | 5.0 |
The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an acco
|
19-09-2017 - 01:30 | 07-01-2010 - 19:30 | |
CVE-2009-3375 | 4.3 |
content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary content selection via the document.getSelection fu
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3382 | 10.0 |
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or p
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3371 | 10.0 |
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3380 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3379 | 10.0 |
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overla
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3381 | 10.0 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3370 | 5.0 |
Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3383 | 10.0 |
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3378 | 9.3 |
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3374 | 7.5 |
The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote w
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3377 | 10.0 |
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
|
19-09-2017 - 01:29 | 29-10-2009 - 14:30 | |
CVE-2009-3006 | 4.3 |
Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, whi
|
19-09-2017 - 01:29 | 28-08-2009 - 15:30 |