Executive Summary

Informations
NameMDVSA-2009:141First vendor Publication2009-06-17
VendorMandrivaLast vendor Modification2009-06-17
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

A number of security vulnerabilities have been discovered for Mozilla Thunderbird version 2.0.0.21 (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-2210, CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1838, CVE-2009-1836, CVE-2009-1840, CVE-2009-1841).

This update provides the latest Thunderbird to correct these issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:141

CWE : Common Weakness Enumeration

idName
CWE-94Failure to Control Generation of Code ('Code Injection')
CWE-399Resource Management Errors
CWE-16Configuration
CWE-287Improper Authentication
CWE-264Permissions, Privileges, and Access Controls
CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
CWE-20Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:7030
 
Oval ID: oval:org.mitre.oval:def:7030
Title: Mozilla Thunderbird, Seamonkey and Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6170
 
Oval ID: oval:org.mitre.oval:def:6170
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6070
 
Oval ID: oval:org.mitre.oval:def:6070
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5527
 
Oval ID: oval:org.mitre.oval:def:5527
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1302
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10106
 
Oval ID: oval:org.mitre.oval:def:10106
Title: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Description: The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to (1) nsAsyncInstantiateEvent::Run, (2) nsStyleContext::Destroy, (3) nsComputedDOMStyle::GetWidth, (4) the xslt_attributeset_ImportSameName.html test case for the XSLT stylesheet compiler, (5) nsXULDocument::SynchronizeBroadcastListener, (6) IsBindingAncestor, (7) PL_DHashTableOperate and nsEditor::EndUpdateViewBatch, and (8) gfxSkipCharsIterator::SetOffsets, and other vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1302
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9455
 
Oval ID: oval:org.mitre.oval:def:9455
Title: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1303
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6646
 
Oval ID: oval:org.mitre.oval:def:6646
Title: Mozilla Thunderbird, Firefox and Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6151
 
Oval ID: oval:org.mitre.oval:def:6151
Title: Mozilla Thunderbird Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5992
 
Oval ID: oval:org.mitre.oval:def:5992
Title: Mozilla Firefox Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5810
 
Oval ID: oval:org.mitre.oval:def:5810
Title: Mozilla Seamonkey Denial of Service Vulnerability
Description: The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to nsSVGElement::BindToTree.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1303
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9535
 
Oval ID: oval:org.mitre.oval:def:9535
Title: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1304
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7516
 
Oval ID: oval:org.mitre.oval:def:7516
Title: Mozilla Firefox, Thunderbird and Seamonkey Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6015
 
Oval ID: oval:org.mitre.oval:def:6015
Title: Mozilla Firefox Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5480
 
Oval ID: oval:org.mitre.oval:def:5480
Title: Mozilla Seamonkey Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5319
 
Oval ID: oval:org.mitre.oval:def:5319
Title: Mozilla Thunderbird Memory corruption Vulnerabilities
Description: The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving (1) js_FindPropertyHelper, related to the definitions of Math and Date; and (2) js_CheckRedeclaration.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1304
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6921
 
Oval ID: oval:org.mitre.oval:def:6921
Title: Mozilla Firefox, Thunderbird and Seamonkey DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6248
 
Oval ID: oval:org.mitre.oval:def:6248
Title: Mozilla Seamonkey DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6232
 
Oval ID: oval:org.mitre.oval:def:6232
Title: Mozilla Firefox DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6090
 
Oval ID: oval:org.mitre.oval:def:6090
Title: Mozilla Thunderbird DoS and Memory Corruption Vulnerability
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1305
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10110
 
Oval ID: oval:org.mitre.oval:def:10110
Title: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Description: The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors involving JSOP_DEFVAR and properties that lack the JSPROP_PERMANENT attribute.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1305
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6710
 
Oval ID: oval:org.mitre.oval:def:6710
Title: Mozilla Thunderbird, Firefox and Seamonkey Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6312
 
Oval ID: oval:org.mitre.oval:def:6312
Title: Mozilla Thunderbird Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6194
 
Oval ID: oval:org.mitre.oval:def:6194
Title: Mozilla Seamonkey Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6021
 
Oval ID: oval:org.mitre.oval:def:6021
Title: Mozilla Firefox Cross Site Scripting Vulnerability
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1306
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10150
 
Oval ID: oval:org.mitre.oval:def:10150
Title: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Description: The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1306
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7008
 
Oval ID: oval:org.mitre.oval:def:7008
Title: Mozilla Thunderbird, Firefox and Seamonkey arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6266
 
Oval ID: oval:org.mitre.oval:def:6266
Title: Mozilla Thunderbird arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6154
 
Oval ID: oval:org.mitre.oval:def:6154
Title: Mozilla Firefox arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5933
 
Oval ID: oval:org.mitre.oval:def:5933
Title: Mozilla Seamonkey arbitrary code execution Vulnerability
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1307
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10972
 
Oval ID: oval:org.mitre.oval:def:10972
Title: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Description: The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1307
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7285
 
Oval ID: oval:org.mitre.oval:def:7285
Title: Mozilla Thunderbird, Firefox and Seamonkey XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Mozilla Seamonkey
Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6296
 
Oval ID: oval:org.mitre.oval:def:6296
Title: Mozilla Thunderbird XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6185
 
Oval ID: oval:org.mitre.oval:def:6185
Title: Mozilla Firefox XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6173
 
Oval ID: oval:org.mitre.oval:def:6173
Title: Mozilla Seamonkey XSS and arbitrary injection Vulnerabilities
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1308
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10428
 
Oval ID: oval:org.mitre.oval:def:10428
Title: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Description: Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1308
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9494
 
Oval ID: oval:org.mitre.oval:def:9494
Title: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1309
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6831
 
Oval ID: oval:org.mitre.oval:def:6831
Title: Mozilla Firefox, Thunderbird, and Seamonkey Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Mozilla Thunderbird
Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6139
 
Oval ID: oval:org.mitre.oval:def:6139
Title: Mozilla Firefox Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Firefox
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5591
 
Oval ID: oval:org.mitre.oval:def:5591
Title: Mozilla Thunderbird Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Thunderbird
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5265
 
Oval ID: oval:org.mitre.oval:def:5265
Title: Mozilla Seamonkey Multiple XSS Vulnerabilities
Description: Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not properly implement the Same Origin Policy for (1) XMLHttpRequest, involving a mismatch for a document's principal, and (2) XPCNativeWrapper.toString, involving an incorrect __proto__ scope, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1309
 Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
 Product(s): Mozilla Seamonkey
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9501
 
Oval ID: oval:org.mitre.oval:def:9501
Title: The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
Description: The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1392
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10237
 
Oval ID: oval:org.mitre.oval:def:10237
Title: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
Description: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
Family: unix Class: vulnerability
Reference(s): CVE-2009-1832
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11487
 
Oval ID: oval:org.mitre.oval:def:11487
Title: The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
Description: The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1833
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11764
 
Oval ID: oval:org.mitre.oval:def:11764
Title: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Description: Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1836
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11080
 
Oval ID: oval:org.mitre.oval:def:11080
Title: The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Description: The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1838
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9448
 
Oval ID: oval:org.mitre.oval:def:9448
Title: Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
Description: Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1840
 Version: 5
Platform(s): Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9815
 
Oval ID: oval:org.mitre.oval:def:9815
Title: js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
Description: js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
Family: unix Class: vulnerability
Reference(s): CVE-2009-1841
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:9994
 
Oval ID: oval:org.mitre.oval:def:9994
Title: Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
Description: Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2210
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application104
Application42
Application73

Open Source Vulnerability Database (OSVDB)

idDescription
55532Mozilla Multiple Products Crafted multipart/alternative E-mail Message Remote...
55160Mozilla Multiple Products Proxy Server CONNECT Response Manipulation SSL MiTM...
55159Mozilla Multiple Products xpcwrappedjsclass.cpp JavaScript Chrome Privilege E...
55158Mozilla Multiple Products XUL Document Script Loading Content Policy Bypass
55157Mozilla Multiple Products Garbage-collection Implementation Crafted Event Han...
55155Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption
55154Mozilla Multiple Products JavaScript Engine jsinterp.c c.hasOwnProperty Memor...
55153Mozilla Multiple Products JavaScript Engine jsxml.c ParseXMLSource Memory Cor...
55152Mozilla Multiple Products JavaScript Engine js_LeaveSharpObject Memory Corrup...
55148Mozilla Multiple Products Double Frame Construction Memory Corruption
55147Mozilla Multiple Products Browser Engine Multiple Unspecified Memory Corruption
55146Mozilla Multiple Products Browser Engine xulrunner nsWindow::SetCursor Functi...
55145Mozilla Multiple Products Browser Engine nsHTMLEditor::HideResizers contentEd...
55144Mozilla Multiple Products Browser Engine AtomTableClearEntry Multiple Method ...
55143Mozilla Multiple Products Browser Engine nsListBoxBodyFrame::GetNextItemBox x...
55142Mozilla Multiple Products Browser Engine PL_DHashTableFinish style Tag Handli...
55141Mozilla Multiple Products Browser Engine IsPercentageAware Function Memory Co...
55140Mozilla Multiple Products Browser Engine nsTextFrame::ClearTextRun Accessibil...
55139Mozilla Multiple Products Browser Engine UnhookTextRunFromFrames / ClearAllTe...
55138Mozilla Multiple Products Browser Engine nsEventStateManager::GetContentState...
53972Mozilla Multiple Products nsAsyncInstantiateEvent::Run() Frame Handling Memor...
53971Mozilla Multiple Products nsSVGElement::BindToTree svg Handling Memory Corrup...
53970Mozilla Multiple Products js_FindPropertyHelper Error Condition JavaScript En...
53969Mozilla Multiple Products JavaScript Engine gvar Optimization JSOP_DEFVAR Hea...
53968Mozilla Multiple Products XMLHttpRequest Document Creation Principal-based Se...
53967Mozilla Multiple Products js_CheckRedeclaration Shared Object Handling JavaSc...
53966Mozilla Multiple Products gfxSkipCharsIterator::SetOffsets Memory Corruption
53965Mozilla Multiple Products nsStyleContext::Destroy() DOMAttrModified Window Ha...
53964Mozilla Multiple Products PL_DHashTableOperate / nsEditor::EndUpdateViewBatch...
53963Mozilla Multiple Products XSLT Stylesheet Compiling Memory Corruption
53962Mozilla Multiple Products nsComputedDOMStyle::GetWidth Memory Corruption
53961Mozilla Multiple Products nsXULDocument::SynchronizeBroadcastListener Memory ...
53960Mozilla Multiple Products IsBindingAncestor Frame Handling Memory Corruption
53959Mozilla Multiple Products XPCNativeWrapper.toString XSS
53958Mozilla Multiple Products view-source: Scheme Adobe Flash Same-origin Policy ...
53957Mozilla Multiple Products jar Scheme Content-disposition Header Bypass
53955Mozilla Multiple Products Third-party Stylesheet XBL Binding XSS