Lucene search

K
MozillaFirefox3.5.16

59 matches found

CVE
CVE
added 2011/08/18 6:55 p.m.179 views

CVE-2011-0084

The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox before 3.6.20, and 4.x through 5; Thunderbird 3.x before 3.1.12 and other versions before 6; SeaMonkey 2.x before 2.3; and possibly other products does not properly handle SVG text, which allows remote attackers to execute arbitrar...

10CVSS9.7AI score0.05474EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.125 views

CVE-2011-2371

Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.

10CVSS9.7AI score0.87002EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.105 views

CVE-2015-0822

The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

4.3CVSS9.2AI score0.00637EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.103 views

CVE-2011-0083

Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

10CVSS9.7AI score0.02451EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.101 views

CVE-2011-0080

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitra...

10CVSS10AI score0.0176EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.100 views

CVE-2015-0836

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS10AI score0.01513EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.99 views

CVE-2011-0073

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."

10CVSS9.6AI score0.81161EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.98 views

CVE-2011-2363

Use-after-free vulnerability in the nsSVGPointList::AppendElement function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of service (application crash) or possibly execut...

10CVSS9.7AI score0.02451EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.97 views

CVE-2015-0831

Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via cra...

6.8CVSS9.6AI score0.01704EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.95 views

CVE-2011-2373

Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14, when JavaScript is disabled, allows remote attackers to execute arbitrary code via a crafted XUL document.

7.6CVSS9.5AI score0.02711EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.94 views

CVE-2011-0070

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut...

10CVSS9.9AI score0.02187EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.93 views

CVE-2011-0077

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.92 views

CVE-2011-0074

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.92 views

CVE-2011-0078

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.89 views

CVE-2011-0065

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.

10CVSS9.5AI score0.83259EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.89 views

CVE-2011-0067

Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly implement autocompletion for forms, which allows remote attackers to read form history entries via a Java applet that spoofs interaction with the autocomplete controls.

5CVSS9AI score0.0052EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.89 views

CVE-2011-0072

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.89 views

CVE-2011-2374

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.04001EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.87 views

CVE-2015-0821

Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions.

6.8CVSS6.9AI score0.01796EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.85 views

CVE-2011-0085

Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the current command updater.

10CVSS9.5AI score0.02451EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.85 views

CVE-2011-2362

Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers.

5CVSS9.2AI score0.01226EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.83 views

CVE-2011-0066

Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mObserverList.

10CVSS9.5AI score0.04219EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.83 views

CVE-2011-0069

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut...

10CVSS9.9AI score0.02187EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.83 views

CVE-2014-1489

Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site.

4.3CVSS8.7AI score0.01246EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.82 views

CVE-2011-0075

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.02326EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.82 views

CVE-2011-2981

The event-management implementation in Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly select the context for script to run in, which allows remote attackers to bypass the Same Origin Policy or execute arbitrary JavaScript c...

9.3CVSS9.3AI score0.01281EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.79 views

CVE-2011-2378

The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird 3.x before 3.1.12, SeaMonkey 2.x, and possibly other products does not properly handle DOM objects, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to dereferencing of a "dangling pointe...

10CVSS9.6AI score0.03719EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.79 views

CVE-2011-2984

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering f...

10CVSS9.5AI score0.01478EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.79 views

CVE-2015-0819

The UITour::onPageEvent function in Mozilla Firefox before 36.0 does not ensure that an API call originates from a foreground tab, which allows remote attackers to conduct spoofing and clickjacking attacks by leveraging access to a UI Tour web site.

4.3CVSS9AI score0.0082EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.79 views

CVE-2015-0827

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.

4.3CVSS9.2AI score0.01281EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.78 views

CVE-2011-2376

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.18 and Thunderbird before 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.01659EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.78 views

CVE-2011-2983

Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data from a different domain via a crafted web site, p...

4.3CVSS9.1AI score0.00849EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.77 views

CVE-2011-2982

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ar...

10CVSS10AI score0.0176EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.75 views

CVE-2015-0835

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

7.5CVSS9.9AI score0.01508EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.72 views

CVE-2011-0071

Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 on Windows allows remote attackers to determine the existence of arbitrary files, and possibly load resources, via vectors involving a resource: URL.

5CVSS9.2AI score0.01674EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.72 views

CVE-2011-2377

Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace image.

5CVSS9.9AI score0.04613EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.71 views

CVE-2015-0823

Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly have unspecified other impact by leveraging incorrect macro expansion, related to the ots::ots_gasp_pa...

7.5CVSS9.8AI score0.01442EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.71 views

CVE-2015-0832

Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.5...

5CVSS9AI score0.00135EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.70 views

CVE-2011-2370

Mozilla Firefox before 5.0 does not properly enforce the whitelist for the xpinstall functionality, which allows remote attackers to trigger an installation dialog for a (1) add-on or (2) theme via unspecified vectors.

5CVSS9.1AI score0.00309EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.69 views

CVE-2011-2605

CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing a...

4.3CVSS9.3AI score0.04001EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.69 views

CVE-2015-0833

Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working direct...

6.9CVSS9.1AI score0.00052EPSS
CVE
CVE
added 2011/06/30 4:55 p.m.68 views

CVE-2011-2375

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 5.0 and Thunderbird through 3.1.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS10AI score0.02013EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.68 views

CVE-2015-0824

The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and application crash) via vectors that trigger use of DrawTarget and the Cairo library for image drawing.

5CVSS8.8AI score0.0181EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.67 views

CVE-2015-0826

The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) via a crafted Cascading Style Sheets (CSS) token sequence that triggers a restyle or reflow operatio...

6.8CVSS9.4AI score0.00796EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.67 views

CVE-2015-0829

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

6.8CVSS9.5AI score0.02647EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.66 views

CVE-2011-0076

Unspecified vulnerability in the Java Embedding Plugin (JEP) in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, on Mac OS X allows remote attackers to bypass intended access restrictions via unknown vectors.

7.5CVSS9.1AI score0.00391EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.65 views

CVE-2015-0834

The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time wi...

4.3CVSS9AI score0.00587EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.64 views

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web sit...

2.6CVSS9.1AI score0.00305EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.64 views

CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLH...

6.8CVSS9.5AI score0.01358EPSS
CVE
CVE
added 2015/02/25 11:59 a.m.63 views

CVE-2015-0825

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback.

4.3CVSS8.8AI score0.00758EPSS
Total number of security vulnerabilities59