FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8b491182-f842-11dd-94d9-0030843d3802firefox -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2009-06: Directives to not cache pages ignored

MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies

MFSA 2009-04: Chrome privilege escalation via local .desktop files

MFSA 2009-03: Local file stealing with SessionStore

MFSA 2009-02: XSS using a chrome XBL method and window.eval

MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)


Discovery 2009-02-04
Entry 2009-02-11
Modified 2009-12-12
firefox
< 2.0.0.20_3,1

gt 3.*,1 lt 3.0.6,1

linux-firefox
linux-firefox-devel
< 3.0.6

linux-seamonkey-devel
gt 0

seamonkey
linux-seamonkey
< 1.1.15

thunderbird
linux-thunderbird
< 2.0.0.21

CVE-2009-0353
CVE-2009-0352
CVE-2009-0354
CVE-2009-0355
CVE-2009-0356
CVE-2009-0357
CVE-2009-0358
http://www.mozilla.org/security/announce/2009/mfsa2009-01.html
http://www.mozilla.org/security/announce/2009/mfsa2009-02.html
http://www.mozilla.org/security/announce/2009/mfsa2009-03.html
http://www.mozilla.org/security/announce/2009/mfsa2009-04.html
http://www.mozilla.org/security/announce/2009/mfsa2009-05.html
http://www.mozilla.org/security/announce/2009/mfsa2009-06.html
http://secunia.com/advisories/33799/
9ccfee39-3c3b-11df-9edc-000f20797edemozilla -- multiple vulnerabilities

Mozilla Project reports:

MFSA 2010-24 XMLDocument::load() doesn't check nsIContentPolicy

MFSA 2010-23 Image src redirect to mailto: URL opens email editor

MFSA 2010-22 Update NSS to support TLS renegotiation indication

MFSA 2010-21 Arbitrary code execution with Firebug XMLHttpRequestSpy

MFSA 2010-20 Chrome privilege escalation via forced URL drag and drop

MFSA 2010-19 Dangling pointer vulnerability in nsPluginArray

MFSA 2010-18 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-17 Remote code execution with use-after-free in nsTreeSelection

MFSA 2010-16 Crashes with evidence of memory corruption (rv:1.9.2.2/ 1.9.1.9/ 1.9.0.19)


Discovery 2010-03-30
Entry 2010-03-30
seamonkey
gt 2.0 lt 2.0.4

thunderbird
ge 3.0 lt 3.0.4

firefox
gt 3.5.*,1 lt 3.5.9,1

gt 3.*,1 lt 3.0.19,1

linux-firefox
< 3.0.19,1

linux-firefox-devel
< 3.5.9

nss
linux-f10-nss
< 3.12.5

CVE-2010-0181
CVE-2009-3555
CVE-2010-0179
CVE-2010-0178
CVE-2010-0177
CVE-2010-0176
CVE-2010-0175
CVE-2010-0174
CVE-2010-0173
http://www.mozilla.org/security/announce/2010/mfsa2010-24.html
http://www.mozilla.org/security/announce/2010/mfsa2010-23.html
http://www.mozilla.org/security/announce/2010/mfsa2010-22.html
http://www.mozilla.org/security/announce/2010/mfsa2010-21.html
http://www.mozilla.org/security/announce/2010/mfsa2010-20.html
http://www.mozilla.org/security/announce/2010/mfsa2010-19.html
http://www.mozilla.org/security/announce/2010/mfsa2010-18.html
http://www.mozilla.org/security/announce/2010/mfsa2010-17.html
http://www.mozilla.org/security/announce/2010/mfsa2010-16.html
49e8f2ee-8147-11de-a994-0030843d3802mozilla -- multiple vulnerabilities

Mozilla Project reports:

MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name longer than 15 characters

MFSA 2009-42: Compromise of SSL-protected communication

MFSA 2009-43: Heap overflow in certificate regexp parsing

MFSA 2009-44: Location bar and SSL indicator spoofing via window.open() on invalid URL

MFSA 2009-45: Crashes with evidence of memory corruption (rv:1.9.1.2/1.9.0.13)

MFSA 2009-46: Chrome privilege escalation due to incorrectly cached wrapper


Discovery 2009-08-03
Entry 2009-08-04
Modified 2009-09-04
firefox
linux-firefox
< 3.*,1

gt 3.*,1 lt 3.0.13,1

gt 3.5.*,1 lt 3.5.2,1

linux-firefox-devel
< 3.5.2

seamonkey
linux-seamonkey
< 1.1.18

linux-seamonkey-devel
gt 0

thunderbird
linux-thunderbird
< 2.0.0.23

CVE-2009-2404
CVE-2009-2408
CVE-2009-2454
CVE-2009-2470
http://www.mozilla.org/security/announce/2009/mfsa2009-38.html
http://www.mozilla.org/security/announce/2009/mfsa2009-42.html
http://www.mozilla.org/security/announce/2009/mfsa2009-43.html
http://www.mozilla.org/security/announce/2009/mfsa2009-44.html
http://www.mozilla.org/security/announce/2009/mfsa2009-45.html
http://www.mozilla.org/security/announce/2009/mfsa2009-46.html
45f102cd-4456-11e0-9580-4061862b8c22mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)

MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true

MFSA 2011-03 Use-after-free error in JSON.stringify

MFSA 2011-04 Buffer overflow in JavaScript upvarMap

MFSA 2011-05 Buffer overflow in JavaScript atom map

MFSA 2011-06 Use-after-free error using Web Workers

MFSA 2011-07 Memory corruption during text run construction (Windows)

MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents

MFSA 2011-09 Crash caused by corrupted JPEG image

MFSA 2011-10 CSRF risk with plugins and 307 redirects


Discovery 2011-03-01
Entry 2011-03-01
firefox
gt 3.6.*,1 lt 3.6.14,1

gt 3.5.*,1 lt 3.5.17,1

libxul
gt 1.9.2.* lt 1.9.2.14

linux-firefox
< 3.6.14,1

linux-firefox-devel
< 3.5.17

linux-seamonkey
gt 2.0.* lt 2.0.12

linux-thunderbird
ge 3.1 lt 3.1.8

seamonkey
gt 2.0.* lt 2.0.12

thunderbird
< 3.1.8

CVE-2010-1585
CVE-2011-0051
CVE-2011-0053
CVE-2011-0054
CVE-2011-0055
CVE-2011-0056
CVE-2011-0057
CVE-2011-0058
CVE-2011-0059
CVE-2011-0061
CVE-2011-0062
https://www.mozilla.org/security/announce/2011/mfsa2011-01.html
https://www.mozilla.org/security/announce/2011/mfsa2011-02.html
https://www.mozilla.org/security/announce/2011/mfsa2011-03.html
https://www.mozilla.org/security/announce/2011/mfsa2011-04.html
https://www.mozilla.org/security/announce/2011/mfsa2011-05.html
https://www.mozilla.org/security/announce/2011/mfsa2011-06.html
https://www.mozilla.org/security/announce/2011/mfsa2011-07.html
https://www.mozilla.org/security/announce/2011/mfsa2011-08.html
https://www.mozilla.org/security/announce/2011/mfsa2011-09.html
https://www.mozilla.org/security/announce/2011/mfsa2011-10.html
99858b7c-7ece-11df-a007-000f20797edemozilla -- multiple vulnerabilities

Mozilla Project reports:

MFSA 2010-33 User tracking across sites using Math.random()

MFSA 2010-32 Content-Disposition: attachment ignored if Content-Type: multipart also present

MFSA 2010-31 focus() behavior can be used to inject or steal keystrokes

MFSA 2010-30 Integer Overflow in XSLT Node Sorting

MFSA 2010-29 Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal

MFSA 2010-28 Freed object reuse across plugin instances

MFSA 2010-27 Use-after-free error in nsCycleCollector::MarkRoots()

MFSA 2010-26 Crashes with evidence of memory corruption (rv:1.9.2.4/ 1.9.1.10)

MFSA 2010-25 Re-use of freed object due to scope confusion


Discovery 2010-06-22
Entry 2010-06-23
firefox
gt 3.6.*,1 lt 3.6.4,1

gt 3.5.*,1 lt 3.5.10,1

linux-firefox-devel
< 3.5.10

seamonkey
gt 2.0.* lt 2.0.5

thunderbird
ge 3.0 lt 3.0.5

CVE-2008-5913
CVE-2010-0183
CVE-2010-1121
CVE-2010-1125
CVE-2010-1197
CVE-2010-1199
CVE-2010-1196
CVE-2010-1198
CVE-2010-1200
CVE-2010-1201
CVE-2010-1202
CVE-2010-1203
http://www.mozilla.org/security/announce/2010/mfsa2010-33.html
http://www.mozilla.org/security/announce/2010/mfsa2010-32.html
http://www.mozilla.org/security/announce/2010/mfsa2010-31.html
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
http://www.mozilla.org/security/announce/2010/mfsa2010-29.html
http://www.mozilla.org/security/announce/2010/mfsa2010-28.html
http://www.mozilla.org/security/announce/2010/mfsa2010-27.html
http://www.mozilla.org/security/announce/2010/mfsa2010-26.html
http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
f82c85d8-1c6e-11df-abb2-000f20797edemozilla -- multiple vulnerabilities

Mozilla Project reports:

MFSA 2010-05 XSS hazard using SVG document and binary Content-Type

MFSA 2010-04 XSS due to window.dialogArguments being readable cross-domain

MFSA 2010-03 Use-after-free crash in HTML parser

MFSA 2010-02 Web Worker Array Handling Heap Corruption Vulnerability

MFSA 2010-01 Crashes with evidence of memory corruption (rv:1.9.1.8/ 1.9.0.18)


Discovery 2010-02-17
Entry 2010-02-18
Modified 2010-02-28
firefox
gt 3.5.*,1 lt 3.5.8,1

gt 3.*,1 lt 3.0.18,1

linux-firefox
< 3.0.18,1

linux-firefox-devel
< 3.5.8

seamonkey
gt 2.0.* lt 2.0.3

thunderbird
ge 3.0 lt 3.0.2

CVE-2010-0159
CVE-2010-0160
CVE-2009-1571
CVE-2009-3988
CVE-2010-0162
http://www.mozilla.org/security/announce/2010/mfsa2010-01.html
http://www.mozilla.org/security/announce/2010/mfsa2010-02.html
http://www.mozilla.org/security/announce/2010/mfsa2010-03.html
http://www.mozilla.org/security/announce/2010/mfsa2010-04.html
http://www.mozilla.org/security/announce/2010/mfsa2010-05.html
da185955-5738-11de-b857-000f20797edemozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2009-32 JavaScript chrome privilege escalation

MFSA 2009-31 XUL scripts bypass content-policy checks

MFSA 2009-30 Incorrect principal set for file: resources loaded via location bar

MFSA 2009-29 Arbitrary code execution using event listeners attached to an element whose owner document is null

MFSA 2009-28 Race condition while accessing the private data of a NPObject JS wrapper class object

MFSA 2009-27 SSL tampering via non-200 responses to proxy CONNECT requests

MFSA 2009-26 Arbitrary domain cookie access by local file: resources

MFSA 2009-25 URL spoofing with invalid unicode characters

MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)


Discovery 2009-06-11
Entry 2009-06-12
Modified 2009-12-12
firefox
< 2.0.0.20_8,1

gt 3.*,1 lt 3.0.11,1

linux-firefox
linux-firefox-devel
< 3.0.11

thunderbird
linux-thunderbird
< 2.0.0.22

seamonkey
linux-seamonkey
< 1.1.17

CVE-2009-1392
CVE-2009-1832
CVE-2009-1833
CVE-2009-1834
CVE-2009-1835
CVE-2009-1836
CVE-2009-1837
CVE-2009-1838
CVE-2009-1839
CVE-2009-1840
CVE-2009-1841
http://www.mozilla.org/security/announce/2009/mfsa2009-24.html
http://www.mozilla.org/security/announce/2009/mfsa2009-25.html
http://www.mozilla.org/security/announce/2009/mfsa2009-26.html
http://www.mozilla.org/security/announce/2009/mfsa2009-27.html
http://www.mozilla.org/security/announce/2009/mfsa2009-28.html
http://www.mozilla.org/security/announce/2009/mfsa2009-29.html
http://www.mozilla.org/security/announce/2009/mfsa2009-30.html
http://www.mozilla.org/security/announce/2009/mfsa2009-31.html
http://www.mozilla.org/security/announce/2009/mfsa2009-32.html
http://secunia.com/advisories/35331/
1d8ff4a2-0445-11e0-8e32-000f20797edemozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2010-74 Miscellaneous memory safety hazards (rv:1.9.2.13/ 1.9.1.16)

MFSA 2010-75 Buffer overflow while line breaking after document.write with long string

MFSA 2010-76 Chrome privilege escalation with window.open and isindex element

MFSA 2010-77 Crash and remote code execution using HTML tags inside a XUL tree

MFSA 2010-78 Add support for OTS font sanitizer

MFSA 2010-79 Java security bypass from LiveConnect loaded via data: URL meta refresh

MFSA 2010-80 Use-after-free error with nsDOMAttribute MutationObserver

MFSA 2010-81 Integer overflow vulnerability in NewIdArray

MFSA 2010-82 Incomplete fix for CVE-2010-0179

MFSA 2010-83 Location bar SSL spoofing using network error page

MFSA 2010-84 XSS hazard in multiple character encodings


Discovery 2010-12-09
Entry 2010-12-10
firefox
gt 3.6.*,1 lt 3.6.13,1

gt 3.5.*,1 lt 3.5.16,1

libxul
gt 1.9.2.* lt 1.9.2.13

linux-firefox
< 3.6.13,1

linux-firefox-devel
< 3.5.16

linux-seamonkey
gt 2.0.* lt 2.0.11

linux-thunderbird
ge 3.1 lt 3.1.7

seamonkey
gt 2.0.* lt 2.0.11

thunderbird
ge 3.0 lt 3.0.11

ge 3.1 lt 3.1.7

CVE-2010-3766
CVE-2010-3767
CVE-2010-3768
CVE-2010-3769
CVE-2010-3770
CVE-2010-3771
CVE-2010-3772
CVE-2010-3773
CVE-2010-3774
CVE-2010-3775
CVE-2010-3776
CVE-2010-3777
CVE-2010-3778
http://www.mozilla.org/security/announce/2010/mfsa2010-74.html
http://www.mozilla.org/security/announce/2010/mfsa2010-75.html
http://www.mozilla.org/security/announce/2010/mfsa2010-76.html
http://www.mozilla.org/security/announce/2010/mfsa2010-77.html
http://www.mozilla.org/security/announce/2010/mfsa2010-78.html
http://www.mozilla.org/security/announce/2010/mfsa2010-79.html
http://www.mozilla.org/security/announce/2010/mfsa2010-80.html
http://www.mozilla.org/security/announce/2010/mfsa2010-81.html
http://www.mozilla.org/security/announce/2010/mfsa2010-82.html
http://www.mozilla.org/security/announce/2010/mfsa2010-83.html
http://www.mozilla.org/security/announce/2010/mfsa2010-84.html
e190ca65-3636-11dc-a697-000c6ec775d9mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program.

  • MFSA 2007-25 XPCNativeWrapper pollution
  • MFSA 2007-24 Unauthorized access to wyciwyg:// documents
  • MFSA 2007-21 Privilege escalation using an event handler attached to an element not in the document
  • MFSA 2007-20 Frame spoofing while window is loading
  • MFSA 2007-19 XSS using addEventListener and setTimeout
  • MFSA 2007-18 Crashes with evidence of memory corruption

Discovery 2007-07-17
Entry 2007-07-19
Modified 2008-06-21
firefox
< 2.0.0.5,1

gt 3.*,1 lt 3.0.a2_3,1

linux-firefox
linux-thunderbird
mozilla-thunderbird
thunderbird
< 2.0.0.5

seamonkey
linux-seamonkey
< 1.1.3

linux-firefox-devel
< 3.0.a2007.12.12

linux-seamonkey-devel
< 2.0.a2007.12.12

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla
gt 0

CVE-2007-3738
CVE-2007-3089
CVE-2007-3734
CVE-2007-3735
CVE-2007-3737
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.5
http://www.mozilla.org/security/announce/2007/mfsa2007-18.html
http://www.mozilla.org/security/announce/2007/mfsa2007-19.html
http://www.mozilla.org/security/announce/2007/mfsa2007-20.html
http://www.mozilla.org/security/announce/2007/mfsa2007-21.html
http://www.mozilla.org/security/announce/2007/mfsa2007-24.html
http://www.mozilla.org/security/announce/2007/mfsa2007-25.html
TA07-199A
c223b00d-e272-11df-8e32-000f20797edemozilla -- Heap buffer overflow mixing document.write and DOM insertion

The Mozilla Project reports:

MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion


Discovery 2010-10-27
Entry 2010-10-28
firefox
gt 3.6.*,1 lt 3.6.12,1

gt 3.5.*,1 lt 3.5.15,1

libxul
gt 1.9.2.* lt 1.9.2.12

linux-firefox
< 3.6.12,1

linux-firefox-devel
< 3.5.15

linux-seamonkey
< 2.0.10

linux-thunderbird
< 3.1.6

seamonkey
gt 2.0.* lt 2.0.10

thunderbird
ge 3.0 lt 3.0.10

ge 3.1 lt 3.1.6

CVE-2010-3765
http://www.mozilla.org/security/announce/2010/mfsa2010-73.html
3b18e237-2f15-11de-9672-0030843d3802mozilla -- multiple vulnerabilities

Mozilla Foundation reports:

MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs

MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame

MFSA 2009-20: Malicious search plugins can inject code into arbitrary sites

MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString

MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings

MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme

MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI

MFSA 2009-15: URL spoofing with box drawing character

MFSA 2009-14 Crashes with evidence of memory corruption (rv:1.9.0.9)


Discovery 2009-04-21
Entry 2009-04-22
Modified 2009-12-12
firefox
< 2.0.0.20_7,1

gt 3.*,1 lt 3.0.9,1

linux-firefox
linux-firefox-devel
< 3.0.9

linux-seamonkey-devel
gt 0

seamonkey
linux-seamonkey
< 1.1.17

thunderbird
linux-thunderbird
< 2.0.0.22

CVE-2009-1305
CVE-2009-1310
34656
CVE-2009-1303
CVE-2009-1306
CVE-2009-1307
CVE-2009-1308
CVE-2009-1309
CVE-2009-1312
CVE-2009-1311
CVE-2009-1302
CVE-2009-1304
http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
http://www.mozilla.org/security/announce/2009/mfsa2009-15.html
http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
b2f09169-55af-11e0-9d6f-000f20797edemozilla -- update to HTTPS certificate blacklist

The Mozilla Project reports:

MFSA 2011-11 Update to HTTPS certificate blacklist


Discovery 2011-03-22
Entry 2011-03-24
firefox
gt 3.6.*,1 lt 3.6.16,1

gt 3.5.*,1 lt 3.5.18,1

libxul
gt 1.9.2.* lt 1.9.2.16

linux-firefox
< 3.6.16,1

linux-firefox-devel
< 3.5.18

linux-seamonkey
gt 2.0.* lt 2.0.13

seamonkey
gt 2.0.* lt 2.0.13

http://www.mozilla.org/security/announce/2011/mfsa2011-11.html
3ce8c7e2-66cf-11dc-b25f-02e0185f8d72mozilla -- code execution via Quicktime media-link files

The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browser with arbitrary command-line options. This could allow the attacker to install malware, steal local data and possibly execute and/or do other arbitrary things within the users context.


Discovery 2007-09-18
Entry 2007-09-19
Modified 2007-12-14
firefox
< 2.0.0.7,1

linux-firefox
< 2.0.0.7

seamonkey
linux-seamonkey
< 1.1.5

linux-firefox-devel
< 3.0.a2007.12.12

linux-seamonkey-devel
< 2.0.a2007.12.12

firefox-ja
linux-mozilla-devel
linux-mozilla
mozilla
gt 0

CVE-2006-4965
http://www.mozilla.org/security/announce/2007/mfsa2007-28.html
4a21ce2c-bb13-11df-8e32-000f20797edemozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2010-49 Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)

MFSA 2010-50 Frameset integer overflow vulnerability

MFSA 2010-51 Dangling pointer vulnerability using DOM plugin array

MFSA 2010-52 Windows XP DLL loading vulnerability

MFSA 2010-53 Heap buffer overflow in nsTextFrameUtils::TransformText

MFSA 2010-54 Dangling pointer vulnerability in nsTreeSelection

MFSA 2010-55 XUL tree removal crash and remote code execution

MFSA 2010-56 Dangling pointer vulnerability in nsTreeContentView

MFSA 2010-57 Crash and remote code execution in normalizeDocument

MFSA 2010-58 Crash on Mac using fuzzed font in data: URL

MFSA 2010-59 SJOW creates scope chains ending in outer object

MFSA 2010-60 XSS using SJOW scripted function

MFSA 2010-61 UTF-7 XSS by overriding document charset using object type attribute

MFSA 2010-62 Copy-and-paste or drag-and-drop into designMode document allows XSS

MFSA 2010-63 Information leak via XMLHttpRequest statusText


Discovery 2010-09-07
Entry 2010-09-08
Modified 2010-09-15
firefox
gt 3.6.*,1 lt 3.6.9,1

gt 3.5.*,1 lt 3.5.12,1

libxul
gt 1.9.2.* lt 1.9.2.9

linux-firefox
< 3.6.9,1

linux-firefox-devel
< 3.5.12

seamonkey
gt 2.0.* lt 2.0.7

thunderbird
ge 3.0 lt 3.0.7

ge 3.1 lt 3.1.3

CVE-2010-2762
CVE-2010-2763
CVE-2010-2764
CVE-2010-2765
CVE-2010-2766
CVE-2010-2767
CVE-2010-2768
CVE-2010-2769
CVE-2010-2770
CVE-2010-2760
CVE-2010-3131
CVE-2010-3166
CVE-2010-3167
CVE-2010-3168
CVE-2010-3169
http://www.mozilla.org/security/announce/2010/mfsa2010-49.html
http://www.mozilla.org/security/announce/2010/mfsa2010-50.html
http://www.mozilla.org/security/announce/2010/mfsa2010-51.html
http://www.mozilla.org/security/announce/2010/mfsa2010-52.html
http://www.mozilla.org/security/announce/2010/mfsa2010-53.html
http://www.mozilla.org/security/announce/2010/mfsa2010-54.html
http://www.mozilla.org/security/announce/2010/mfsa2010-55.html
http://www.mozilla.org/security/announce/2010/mfsa2010-56.html
http://www.mozilla.org/security/announce/2010/mfsa2010-57.html
http://www.mozilla.org/security/announce/2010/mfsa2010-58.html
http://www.mozilla.org/security/announce/2010/mfsa2010-59.html
http://www.mozilla.org/security/announce/2010/mfsa2010-60.html
http://www.mozilla.org/security/announce/2010/mfsa2010-61.html
http://www.mozilla.org/security/announce/2010/mfsa2010-62.html
http://www.mozilla.org/security/announce/2010/mfsa2010-63.html
04b7d46c-7226-11e0-813a-6c626dd55a41Mozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2011-12 Miscellaneous memory safety hazards

MFSA 2011-13 Multiple dangling pointer vulnerabilities

MFSA 2011-14 Information stealing via form history

MFSA 2011-15 Escalation of privilege through Java Embedding Plugin

MFSA 2011-16 Directory traversal in resource: protocol

MFSA 2011-17 WebGLES vulnerabilities

MFSA 2011-18 XSLT generate-id() function heap address leak


Discovery 2011-04-28
Entry 2011-04-29
firefox
gt 3.6.*,1 lt 3.6.17,1

gt 3.5.*,1 lt 3.5.19,1

gt 4.0.*,1 lt 4.0.1,1

libxul
gt 1.9.2.* lt 1.9.2.17

linux-firefox
< 3.6.17,1

linux-firefox-devel
< 3.5.19

linux-seamonkey
gt 2.0.* lt 2.0.14

seamonkey
gt 2.0.* lt 2.0.14

http://www.mozilla.org/security/announce/2011/mfsa2011-12.html
http://www.mozilla.org/security/announce/2011/mfsa2011-13.html
http://www.mozilla.org/security/announce/2011/mfsa2011-14.html
http://www.mozilla.org/security/announce/2011/mfsa2011-15.html
http://www.mozilla.org/security/announce/2011/mfsa2011-16.html
http://www.mozilla.org/security/announce/2011/mfsa2011-17.html
http://www.mozilla.org/security/announce/2011/mfsa2011-18.html
8c2ea875-9499-11df-8e32-000f20797edemozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)

MFSA 2010-35 DOM attribute cloning remote code execution vulnerability

MFSA 2010-36 Use-after-free error in NodeIterator

MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability

MFSA 2010-38 Arbitrary code execution using SJOW and fast native function

MFSA 2010-39 nsCSSValue::Array index integer overflow

MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability

MFSA 2010-41 Remote code execution using malformed PNG image

MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts

MFSA 2010-43 Same-origin bypass using canvas context

MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish

MFSA 2010-45 Multiple location bar spoofing vulnerabilities

MFSA 2010-46 Cross-domain data theft using CSS

MFSA 2010-47 Cross-origin data leakage from script filename in error messages


Discovery 2010-07-20
Entry 2010-07-21
firefox
gt 3.6.*,1 lt 3.6.7,1

gt 3.5.*,1 lt 3.5.11,1

linux-firefox
< 3.6.7,1

linux-firefox-devel
< 3.5.11

seamonkey
gt 2.0.* lt 2.0.6

thunderbird
ge 3.0 lt 3.0.6

CVE-2010-0654
CVE-2010-1205
CVE-2010-1206
CVE-2010-1207
CVE-2010-1208
CVE-2010-1209
CVE-2010-1210
CVE-2010-1211
CVE-2010-1212
CVE-2010-1213
CVE-2010-1214
CVE-2010-1215
CVE-2010-2751
CVE-2010-2752
CVE-2010-2753
CVE-2010-2754
http://www.mozilla.org/security/announce/2010/mfsa2010-34.html
http://www.mozilla.org/security/announce/2010/mfsa2010-35.html
http://www.mozilla.org/security/announce/2010/mfsa2010-36.html
http://www.mozilla.org/security/announce/2010/mfsa2010-37.html
http://www.mozilla.org/security/announce/2010/mfsa2010-38.html
http://www.mozilla.org/security/announce/2010/mfsa2010-39.html
http://www.mozilla.org/security/announce/2010/mfsa2010-40.html
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
http://www.mozilla.org/security/announce/2010/mfsa2010-42.html
http://www.mozilla.org/security/announce/2010/mfsa2010-43.html
http://www.mozilla.org/security/announce/2010/mfsa2010-44.html
http://www.mozilla.org/security/announce/2010/mfsa2010-45.html
http://www.mozilla.org/security/announce/2010/mfsa2010-46.html
http://www.mozilla.org/security/announce/2010/mfsa2010-47.html
c4f067b9-dc4a-11df-8e32-000f20797edemozilla -- multiple vulnerabilities

The Mozilla Project reports:

MFSA 2010-64 Miscellaneous memory safety hazards (rv:1.9.2.11/ 1.9.1.14)

MFSA 2010-65 Buffer overflow and memory corruption using document.write

MFSA 2010-66 Use-after-free error in nsBarProp

MFSA 2010-67 Dangling pointer vulnerability in LookupGetterOrSetter

MFSA 2010-68 XSS in gopher parser when parsing hrefs

MFSA 2010-69 Cross-site information disclosure via modal calls

MFSA 2010-70 SSL wildcard certificate matching IP addresses

MFSA 2010-71 Unsafe library loading vulnerabilities

MFSA 2010-72 Insecure Diffie-Hellman key exchange


Discovery 2010-10-19
Entry 2010-10-20
firefox
gt 3.6.*,1 lt 3.6.11,1

gt 3.5.*,1 lt 3.5.14,1

libxul
gt 1.9.2.* lt 1.9.2.11

linux-firefox
< 3.6.11,1

linux-firefox-devel
< 3.5.14

seamonkey
gt 2.0.* lt 2.0.9

thunderbird
ge 3.0 lt 3.0.9

ge 3.1 lt 3.1.5

CVE-2010-3170
CVE-2010-3173
CVE-2010-3174
CVE-2010-3175
CVE-2010-3176
CVE-2010-3177
CVE-2010-3178
CVE-2010-3179
CVE-2010-3180
CVE-2010-3181
CVE-2010-3182
CVE-2010-3183
http://www.mozilla.org/security/announce/2010/mfsa2010-64.html
http://www.mozilla.org/security/announce/2010/mfsa2010-65.html
http://www.mozilla.org/security/announce/2010/mfsa2010-66.html
http://www.mozilla.org/security/announce/2010/mfsa2010-67.html
http://www.mozilla.org/security/announce/2010/mfsa2010-68.html
http://www.mozilla.org/security/announce/2010/mfsa2010-69.html
http://www.mozilla.org/security/announce/2010/mfsa2010-70.html
http://www.mozilla.org/security/announce/2010/mfsa2010-71.html
http://www.mozilla.org/security/announce/2010/mfsa2010-72.html
f1f6f6da-9d2f-11dc-9114-001c2514716cfirefox -- multiple remote unspecified memory corruption vulnerabilities

Mozilla Foundation reports:

The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.


Discovery 2007-11-26
Entry 2007-11-27
Modified 2007-12-14
firefox
< 2.0.0.10,1

linux-firefox
< 2.0.0.10

seamonkey
linux-seamonkey
< 1.1.7

flock
linux-flock
< 1.0.2

linux-firefox-devel
< 3.0.a2007.12.12

linux-seamonkey-devel
< 2.0.a2007.12.12

26593
CVE-2007-5959