- Home
- CVEs with nessus.description==The installed version of Firefox is affected by various security issues :
- Using a specially crafted UTF-8 URL in a hyperlink, an attacker might be able to exploit a stack buffer overflow in the Mozilla URL parsing routes to execute arbitrary code (MFSA 2008-37).
- It is possible to bypass the same-origin check in 'nsXMLDocument::OnChannelRedirect()' (MFSA 2008-38).
- There are a series of vulnerabilities in 'feedWriter' that allow scripts from page content to run with chrome privileges (MFSA 2008-39).
- An attacker can cause the content window to move while the mouse is being clicked, causing an item to be dragged rather than clicked-on (MFSA 2008-40).
- Privilege escalation is possible via 'XPCnativeWrapper' pollution (MFSA 2008-41).
- There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption (MFSA 2008-42).
- Certain BOM characters and low surrogate characters, if HTML-escaped, are stripped from JavaScript code before it is executed, which could allow for cross- site scripting attacks (MFSA 2008-43).
- The 'resource:' protocol allows directory traversal on Linux when using URL-encoded slashes, and it can by used to bypass restrictions on local HTML files (MFSA 2008-44).
- A bug in the XBM decoder allows random small chunks of uninitialized memory to be read (MFSA 2008-45).
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top