Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Seamonkey
(Mozilla)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 705 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-01-20 | CVE-2008-5913 | The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." | Firefox, Seamonkey | N/A | ||
| 2008-12-17 | CVE-2008-5512 | Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5510 | The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines. | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5508 | Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks. | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5507 | Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API. | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5506 | Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5503 | The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings. | Firefox, Seamonkey, Thunderbird | N/A | ||
| 2008-12-17 | CVE-2008-5502 | The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) via vectors that trigger memory corruption, related to the GetXMLEntity and FastAppendChar functions. | Ubuntu_linux, Firefox, Seamonkey | N/A | ||
| 2008-12-17 | CVE-2008-5501 | The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure. | Ubuntu_linux, Firefox, Seamonkey | N/A | ||
| 2008-12-17 | CVE-2008-5500 | The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow. | Ubuntu_linux, Debian_linux, Firefox, Seamonkey, Thunderbird | N/A |