- Home
- CVEs with nessus.description==The installed version of Firefox 3.0 is earlier than 3.0.2. Such versions are potentially affected by the following security issues :
- An attacker can cause the content window to move while the mouse is being clicked, causing an item to be dragged rather than clicked-on (MFSA 2008-40).
- Privilege escalation is possible via 'XPCnativeWrapper' pollution (MFSA 2008-41).
- There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption (MFSA 2008-42).
- Certain BOM characters and low surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is executed, which could allow for cross- site scripting attacks (MFSA 2008-43).
- The 'resource:' protocol allows directory traversal on Linux when using URL-encoded slashes, and it can by used to bypass restrictions on local HTML files (MFSA 2008-44).
- By tampering with the window.__proto__.__proto__ object, one can cause the browser to place a lock on a non- native object, leading to a crash and possible code execution. (MFSA 2008-50)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top