Lookup for vulnerable packages by Package URL.
| Purl | pkg:mozilla/Firefox@3.0.19 |
| Type | mozilla |
| Namespace | |
| Name | Firefox |
| Version | 3.0.19 |
| Qualifiers | |
| Subpath | |
| Is_vulnerable | false |
| Next_non_vulnerable_version | 3.5.0 |
| Latest_non_vulnerable_version | 151.0.0 |
| Affected_by_vulnerabilities | |
| Fixing_vulnerabilities |
| 0 |
| url |
VCID-4qcc-z8qp-83e5 |
| vulnerability_id |
VCID-4qcc-z8qp-83e5 |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that a select event handler for XUL
tree items could be called after the tree item was deleted. This
results in the execution of previously freed memory which an attacker
could use to crash a victim's browser and run arbitrary code on the
victim's computer. This vulnerability does not affect Firefox 3.6 |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0175
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4qcc-z8qp-83e5 |
|
| 1 |
| url |
VCID-ccxj-6r97-9uac |
| vulnerability_id |
VCID-ccxj-6r97-9uac |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in the implementation of
the window.navigator.plugins object. When a page
reloads, the plugins array would reallocate all of its members without
checking for existing references to each member. This could result in
the deletion of objects for which valid pointers still exist. An
attacker could use this vulnerability to crash a victim's browser and
run arbitrary code on the victim's machine. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0177
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ccxj-6r97-9uac |
|
| 2 |
| url |
VCID-qq5u-em1p-9kat |
| vulnerability_id |
VCID-qq5u-em1p-9kat |
| summary |
Mozilla developers identified and fixed several stability bugs in
the browser engine used in Firefox and other Mozilla-based
products. Some of these crashes showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0173
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qq5u-em1p-9kat |
|
| 3 |
| url |
VCID-tr7s-z4p8-jbdn |
| vulnerability_id |
VCID-tr7s-z4p8-jbdn |
| summary |
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative an error in the
way <option> elements are inserted into a XUL
tree <optgroup>. In certain cases, the number of
references to an <option> element is under-counted so
that when the element is deleted, a live pointer to its old location
is kept around and may later be used. An attacker could potentially
use these conditions to run arbitrary code on a victim's computer. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0176
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tr7s-z4p8-jbdn |
|
| 4 |
| url |
VCID-w2pm-349a-ayc4 |
| vulnerability_id |
VCID-w2pm-349a-ayc4 |
| summary |
Mozilla security researcher moz_bug_r_a4 reported
that the XMLHttpRequestSpy module in the Firebug add-on was exposing
an underlying chrome privilege escalation vulnerability. When the
XMLHttpRequestSpy object was created, it would attach various
properties of itself to objects defined in web content, which were not
being properly wrapped to prevent their exposure to chrome privileged
objects. This could result in an attacker running arbitrary
JavaScript on a victim's machine, though it required the victim to
have Firebug installed, so the overall severity of the issue was
determined to be High. This vulnerability does not affect Firefox 3.6 |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0179
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w2pm-349a-ayc4 |
|
| 5 |
| url |
VCID-w9jx-nwdg-8yaw |
| vulnerability_id |
VCID-w9jx-nwdg-8yaw |
| summary |
Security researcher Paul Stone reported that a
browser applet could be used to turn a simple mouse click into a
drag-and-drop action, potentially resulting in the unintended loading
of resources in a user's browser. This behavior could be used twice
in succession to first load a privileged chrome: URL in a
victim's browser, then load a malicious javascript: URL
on top of the same document resulting in arbitrary script execution
with chrome privileges. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-0178
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w9jx-nwdg-8yaw |
|
|
| Risk_score | null |
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.0.19 |