Search
Total
1158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3001 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent manual add-on installation in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that triggers an unspecified internal error. | |||||
| CVE-2011-3005 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OGG headers in a .ogg file. | |||||
| CVE-2011-3232 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript. | |||||
| CVE-2011-2983 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, possibly related to a use-after-free. | |||||
| CVE-2011-2984 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering for drop events. | |||||
| CVE-2011-2985 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2011-2986 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. | |||||
| CVE-2011-2987 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Almost Native Graphics Layer Engine (ANGLE), as used in the WebGL implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products might allow remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2373 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 7.6 HIGH | N/A |
| Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document. | |||||
| CVE-2011-2372 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 3.5 LOW | N/A |
| Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | |||||
| CVE-2011-2371 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object. | |||||
| CVE-2011-2366 | 1 Mozilla | 3 Firefox, Gecko, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader. | |||||
| CVE-2011-2989 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement WebGL, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2991 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2011-2995 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2011-2375 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2011-2988 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader. | |||||
| CVE-2011-2365 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2364. | |||||
| CVE-2011-2364 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.18 and Thunderbird before 3.1.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-2365. | |||||
| CVE-2011-2362 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | |||||
| CVE-2011-2363 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | |||||
| CVE-2010-2752 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array, related to references to external font resources and an inconsistency between 16-bit and 32-bit integers. | |||||
| CVE-2011-0085 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater. | |||||
| CVE-2011-0084 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer." | |||||
| CVE-2011-0083 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a user-supplied callback. | |||||
| CVE-2011-0081 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.6.x before 3.6.17 and 4.x before 4.0.1, and Thunderbird 3.1.x before 3.1.10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2011-0080 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2011-0078 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0077. | |||||
| CVE-2011-0077 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0075, and CVE-2011-0078. | |||||
| CVE-2011-0075 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0074, CVE-2011-0077, and CVE-2011-0078. | |||||
| CVE-2011-0074 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0072, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | |||||
| CVE-2011-0072 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0074, CVE-2011-0075, CVE-2011-0077, and CVE-2011-0078. | |||||
| CVE-2011-0071 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-09-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL. | |||||
| CVE-2011-0070 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0069. | |||||
| CVE-2011-0069 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0070. | |||||
| CVE-2011-0061 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image. | |||||
| CVE-2011-0053 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2011-0062 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-5074 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 4.3 MEDIUM | N/A |
| The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack. | |||||
| CVE-2010-3778 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-3777 | 1 Mozilla | 2 Firefox, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-3776 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2010-3769 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Seamonkey and 1 more | 2017-09-19 | 9.3 HIGH | N/A |
| The line-breaking implementation in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 on Windows does not properly handle long strings, which allows remote attackers to execute arbitrary code via a crafted document.write call that triggers a buffer over-read. | |||||
| CVE-2010-3768 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 do not properly validate downloadable fonts before use within an operating system's font implementation, which allows remote attackers to execute arbitrary code via vectors related to @font-face Cascading Style Sheets (CSS) rules. | |||||
| CVE-2010-3765 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware. | |||||
| CVE-2010-3183 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly support window.__lookupGetter__ function calls that lack arguments, which allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via vectors involving a "dangling pointer" and the JS_ValueToId function. | |||||
| CVE-2010-3182 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 6.9 MEDIUM | N/A |
| A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||
| CVE-2010-3181 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2010-3180 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsBarProp function in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code by accessing the locationbar property of a closed window. | |||||
| CVE-2010-3179 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2017-09-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method. | |||||