The unity-firefox-extension package could be tricked into destroying the Unity webapps context, causing Firefox to crash. This could be achieved by spinning the event loop inside the webapps initialization callback. Fixed in 3.0.0+14.04.20140416-0ubuntu1.14.04.1 by shipping an empty package, thus disabling the extension entirely.

Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possibly execute arbitrary code via unknown vectors involving a plug-in.

Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.

Untrusted search path vulnerability in the installer in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 on Windows allows local users to gain privileges via a Trojan horse DLL in the default downloads directory.

The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet.

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.

The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.

Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue.