Debian Firefox vulnerabilities
1,810 known vulnerabilities affecting debian/firefox.
Total CVEs: 1,810
CISA KEV: 11 (actively exploited)
Public exploits: 35
Exploited in wild: 15
Severity breakdown
CRITICAL: 333 | HIGH: 633 | MEDIUM: 542 | LOW: 302
Vulnerabilities
Page 91 of 91
CVE-2005-4720 | MEDIUM | CVSS 5.0 | PoC | fixed in firefox 1.5.dfsg-1 (sid) | 2005
CVE-2005-4720 [MEDIUM] CVE-2005-4720: firefox - Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a de...
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.
Sco
debian
CVE-2005-3896 | LOW | CVSS 7.8 | fixed in firefox 1.5.dfsg-1 (sid) | 2005
CVE-2005-3896 [HIGH] CVE-2005-3896: firefox - Mozilla allows remote attackers to cause a denial of service (CPU consumption) v...
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
Scope: local
sid: resolved (fixed in 1.5.dfsg-1)
debian
CVE-2005-2353 | LOW | CVSS 2.1 | fixed in firefox 1.5.dfsg+1.5.0.2-1 (sid) | 2005
CVE-2005-2353 [LOW] CVE-2005-2353: firefox - run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to cre...
run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
Scope: local
sid: resolved (fixed in 1.5.dfsg+1.5.0.2-1)
debian
CVE-2005-2395 | LOW | CVSS 5.0 | 2005
CVE-2005-2395 [MEDIUM] CVE-2005-2395: firefox - Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest...
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
Scope: local
sid: open
debian
CVE-2005-4685 | LOW | CVSS 6.4 | 2005
CVE-2005-4685 [MEDIUM] CVE-2005-4685: firefox - Firefox and Mozilla can associate a cookie with multiple domains when the DNS re...
Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who opera
debian
CVE-2005-2414 | LOW | CVSS 2.6 | PoC | fixed in firefox 1.5.dfsg-1 (sid) | 2005
CVE-2005-2414 [LOW] CVE-2005-2414: firefox - Race condition in the xpcom library, as used by web browsers such as Firefox, Mo...
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
Scope: local
sid: resolved (
debian
CVE-2005-4809 | LOW | CVSS 5.0 | PoC | 2005
CVE-2005-4809 [MEDIUM] CVE-2005-4809: firefox - Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunder...
Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
Scope: local
sid: resolved
debian
CVE-2005-4134 | LOW | CVSS 5.0 | PoC | fixed in firefox 1.5.dfsg+1.5.0.2-2 (sid) | 2005
CVE-2005-4134 [MEDIUM] CVE-2005-4134: firefox - Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows r...
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this is
debian
CVE-2004-2657 | LOW | CVSS 1.7 | 2004
CVE-2004-2657 [LOW] CVE-2004-2657: firefox - Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of ...
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primar
debian
CVE-2004-1639 | LOW | CVSS 5.0 | 2004
CVE-2004-1639 [MEDIUM] CVE-2004-1639: firefox - Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attac...
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
Scope: local
sid: open
debian