CVE search results

131 – 140 of 163 results

Detailed view

Sort by:

CVE-2009-1836

Medium priority

Some fixes available 21 of 28

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows...

7 affected packages

firefox, mozilla-thunderbird, seamonkey, thunderbird, xulrunner...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
mozilla-thunderbird	—	—	—	—	—
seamonkey	—	—	—	—	—
thunderbird	—	—	—	—	—
xulrunner	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

CVE-2009-1835

Medium priority

Some fixes available 9 of 11

Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate local documents with external domain names located after the file:// substring in a URL, which allows user-assisted remote attackers to read arbitrary cookies via...

4 affected packages

firefox, seamonkey, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
seamonkey	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

CVE-2009-1834

Low priority

Some fixes available 9 of 10

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are...

4 affected packages

firefox, seamonkey, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
seamonkey	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

CVE-2009-1833

Medium priority

Some fixes available 21 of 28

The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute...

7 affected packages

firefox, mozilla-thunderbird, seamonkey, thunderbird, xulrunner...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
mozilla-thunderbird	—	—	—	—	—
seamonkey	—	—	—	—	—
thunderbird	—	—	—	—	—
xulrunner	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

CVE-2009-1832

Low priority

Some fixes available 9 of 16

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors...

7 affected packages

firefox, mozilla-thunderbird, seamonkey, thunderbird, xulrunner...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
mozilla-thunderbird	—	—	—	—	—
seamonkey	—	—	—	—	—
thunderbird	—	—	—	—	—
xulrunner	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

CVE-2009-1392

Low priority

Some fixes available 21 of 28

The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute...

7 affected packages

firefox, mozilla-thunderbird, seamonkey, thunderbird, xulrunner...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
mozilla-thunderbird	—	—	—	—	—
seamonkey	—	—	—	—	—
thunderbird	—	—	—	—	—
xulrunner	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

CVE-2009-1828

Negligible priority

Ignored

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or...

4 affected packages

firefox, xulrunner-1.9, xulrunner-1.9.1, xulrunner-1.9.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—
xulrunner-1.9.2	—	—	—	—	—

CVE-2009-1827

Low priority

Some fixes available 4 of 11

The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."

4 affected packages

firefox, xulrunner-1.9, xulrunner-1.9.1, xulrunner-1.9.2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—
xulrunner-1.9.2	—	—	—	—	—

CVE-2009-1312

Medium priority

Some fixes available 13 of 20

Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting...

5 affected packages

firefox, seamonkey, xulrunner, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
seamonkey	—	—	—	—	—
xulrunner	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

CVE-2009-1311

Low priority

Some fixes available 8 of 15

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner...

5 affected packages

firefox, seamonkey, xulrunner, xulrunner-1.9, xulrunner-1.9.1

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
firefox	—	—	—	—	—
seamonkey	—	—	—	—	—
xulrunner	—	—	—	—	—
xulrunner-1.9	—	—	—	—	—
xulrunner-1.9.1	—	—	—	—	—

Export to JSON

Results by page:

Search CVE reports