Certain versions of Mozilla Firefox ship with a flawed implementation of the 'js_valueToFunctionObject()' function. As a result, a malicious web page can circumvent its internal security mechanism and execute arbitrary code under the privileges of the browser process.
Certain versions of Mozilla Firefox ship with a fast history mechanism that causes some windows to become translucent. A malicious web page could be constructed to take advantage of this to cause the user to unknowingly interact with an invisible window and execute arbitrary code under the privileges of the browser process.
Certain versions of Mozilla Firefox contain a flaw in the XBL-handling logic that allows arbitrary code execution under the privileges of the browser process when the 'Print Preview' option is used.
Certain versions of Mozilla Firefox improperly allow Javascript code to modify a file uploading input type. As a result, a malicious web page could trick an unsuspecting user into uploading sensitive files.
Certain versions of Mozilla Firefox contain a flaw in the logic that handles DHTML. As a result, a malicious web page can corrupt the browser's memory and execute arbitrary code under the privileges of the browser process.
Certain versions of Mozilla Firefox contain a flaw in the logic that handles the Cascading Style Sheet (CSS) 'Letter Spacing' attribute. As a result, a malicious web page can cause a heap overflow and execute arbitrary code under the privileges of the browser process.
Certain versions of Mozilla Firefox contain a flawed implementation of the 'crypto.generateCRMFRequest()' function. As a result, a malicious web site can execute arbitrary code under the privileges of the browser process.
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption.
