Mozilla Firefox — свободный браузер на движке Gecko

layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, in an attacker-readable form, with history entries.

Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome privileged code and objects obtained from remote web sites, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via unspecified method calls, related to "doubly-wrapped objects."

The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373.

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.