Firefox

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:mozilla:firefox:3.2:beta2:*:*:*:*:*:*

part: a version: 3.2 update: beta2

VendorMozilla (be1b0d4e-21a7-5a25-9982-bbda6ef43ec1)
ProductFirefox (d152d976-2d5e-5cc4-89b6-e80c6d067896)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/firefox purl2cpe 2026-06-01 10:17:52.884110
pkg:mozilla/mozilla-central purl2cpe 2026-06-01 10:17:52.884111
pkg:rpm/fedora/firefox purl2cpe 2026-06-01 10:17:52.884113
pkg:rpm/opensuse/mozillafirefox purl2cpe 2026-06-01 10:17:52.884114

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2010-1210 vulnerable 2026-06-03 14:30:13.394812 Details available
intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 inserts a U+FFFD sequence into text in certain circumstances involving undefined positions, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted 8-bit text.
Published: 2010-07-30T20:00:00.000Z
Updated: 2024-08-07T01:14:06.669Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-2654 vulnerable 2026-06-03 14:29:42.340548 Details available
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
Published: 2009-08-03T14:00:00.000Z
Updated: 2024-08-07T05:59:56.565Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.