Mozilla Seamonkey

704 matches found

CVE
added 2013/11/15 8:00 p.m. | 16203 views

CVE-2013-6629

The CVE-2013-6629 issue affects libjpeg 6b and libjpeg-turbo up to 1.3.0, used by Chrome prior to 31.0.1650.48, Ghostscript, and other products. The vulnerability arises in get_sos() in jdmarker.c, which does not properly validate certain duplications of component data after SOS JPEG markers, all...

CVSS 5 | AI score 6.1 | EPSS 0.10117

CVE
added 2014/02/06 2:00 a.m. | 15485 views

CVE-2014-1491

CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS

CVSS 4.3 | AI score 8.4 | EPSS 0.04664

CVE
added 2015/05/21 12:00 a.m. | 1237 views

CVE-2015-4000

CVE-2015-4000 is the Logjam vulnerability: when a server enables DHE_EXPORT ciphers and the client does not, the TLS handshake may downgrade to 512‑bit export‑grade DH, allowing a MITM to decrypt traffic. Public details describe the issue in TLS as a downgrade attack on Diffie–Hellman key exchang...

CVSS 4.3 | AI score 4.8 | EPSS 0.9986
In wild

CVE
added 2013/03/14 10:00 p.m. | 787 views

CVE-2013-2566

CVE-2013-2566 involves RC4 biases in TLS/SSL allowing plaintext-recovery via large volumes of sessions with the same plaintext. Multiple connected sources confirm this issue affecting products such as F5 BIG-IP (various modules) and IBM Proventia/SiteProtector family. Affected in some BIG-IP rele...

CVSS 5.9 | AI score 5.7 | EPSS 0.84424

CVE
added 2009/02/20 7:00 p.m. | 326 views

CVE-2009-0652

CVE-2009-0652 describes an IDN spoofing vulnerability where the IDN blacklist in Mozilla Firefox (and related Mozilla apps) failed to exclude box-drawing characters, enabling homoglyph-based phishing in subdomains of a .cn domain. Affected products include Firefox 3.0.6 (and others prior to 3.0.9...

CVSS 5.8 | AI score 7.8 | EPSS 0.01497

CVE
added 2010/04/05 5:00 p.m. | 322 views

CVE-2010-0178

CVE-2010-0178 affects Mozilla Firefox up to 3.0.19, Firefox 3.5.x up to 3.5.9, Firefox 3.6.x up to 3.6.2, and SeaMonkey up to 2.0.3 (before 2.0.4). The vulnerability allows an applet to convert a mouse click into a drag‑and‑drop, enabling remote JavaScript execution with Chrome privileges by firs...

CVSS 7.6 | AI score 9.5 | EPSS 0.03403

CVE
added 2014/09/25 5:00 p.m. | 320 views

CVE-2014-1568

CVE-2014-1568 covers NSS (and libraries using NSS) where ASN.1 parsing of DigestInfo in X.509 certificates is faulty, enabling remote attackers to forge RSA signatures via crafted certs. Affected NSS/products include NSS itself and Mozilla stack components (Firefox, Thunderbird, SeaMonkey) and Ch...

CVSS 7.5 | AI score 5.3 | EPSS 0.17004

CVE
added 2010/06/30 6:00 p.m. | 282 views

CVE-2010-1205

CVE-2010-1205 is a buffer overflow in libpng (pngpread.c) that could allow remote code execution via a crafted PNG image. Affected libpng versions are prior to 1.2.44 and prior to 1.4.3. The overflow is tied to the internal copy in pngpread.c and is described across advisories mentioning memory c...

CVSS 9.8 | AI score 9.9 | EPSS 0.43382

CVE
added 2012/02/01 4:00 p.m. | 254 views

CVE-2012-0444

CVE-2012-0444 describes a heap-based memory corruption vulnerability in the libvorbis Ogg Vorbis parser that could allow remote code execution or a crash when processing crafted Ogg Vorbis files. Affected products across the Mozilla ecosystem (Firefox, Thunderbird, SeaMonkey and related XULRunner/Ice...

CVSS 10 | AI score 8.9 | EPSS 0.07936

CVE
added 2013/01/13 8:00 p.m. | 251 views

CVE-2013-0753

CVE-2013-0753 is a use‑after‑free vulnerability in Mozilla Firefox’s XMLSerializer.serializeToStream, affecting Firefox before 18.0 (and ESR/Thunderbird/SeaMonkey variants) and allowing remote code execution via crafted content. The issue is exploitable as part of Firefox 17.x lineage; Metasploit...

CVSS 9.3 | AI score 9.5 | EPSS 0.51324

CVE
added 2013/01/13 8:00 p.m. | 246 views

CVE-2013-0758

CVE-2013-0758 affects Mozilla Firefox (pre-18.0), Firefox ESR (pre-10.0.12 and pre-17.0.2), Thunderbird (pre-17.0.2, including ESR 10.x pre-10.0.12 and pre-17.0.2), and SeaMonkey (pre-2.15). It allows remote attackers to execute arbitrary JavaScript with chrome privileges due to improper interact...

CVSS 9.3 | AI score 9.4 | EPSS 0.73364

CVE
added 2009/07/30 7:00 p.m. | 232 views

CVE-2009-2408

CVE-2009-2408 affects Mozilla NSS up to 3.12.2, Firefox up to 3.0.12, Thunderbird up to 2.0.0.22, and SeaMonkey up to 1.1.17. The issue is improper handling of a '\0' character in the domain name present in the certificate subject’s Common Name (CN) field of an X.509 certificate. This enables a man...

CVSS 6.8 | AI score 6.1 | EPSS 0.05741

CVE
added 2011/08/18 6:00 p.m. | 232 views

CVE-2011-0084

CVE-2011-0084 affects Mozilla Firefox prior to 3.6.20 and 4.x–5, Thunderbird 3.x prior to 3.1.12 and other versions before 6, SeaMonkey 2.x before 2.3, and possibly other Mozilla products. The underlying issue is in SVGTextElement.getCharNumAtPosition where SVG text is not handled correctly, allo...

CVSS 10 | AI score 9.7 | EPSS 0.0476

CVE
added 2011/09/29 12:00 a.m. | 216 views

CVE-2011-3000

Affected software: Mozilla Firefox before 3.6.23 and 4.x through 6; also affects Thunderbird before 7.0 and SeaMonkey before 2.4. Root cause: HTTP response handling flaw that allows HTTP response splitting when responses contain multiple Location, Content-Length, or Content-Disposition headers. I...

CVSS 4.3 | AI score 9.2 | EPSS 0.02018

CVE
added 2014/04/30 10:00 a.m. | 215 views

CVE-2014-1528

CVE-2014-1528 affects Cairo/Pixman used by Firefox 28.0 and SeaMonkey 2.25 on Windows. The vulnerability is in sse2_composite_src_x888_8888 and is an out-of-bounds write, which the initial description states can enable remote arbitrary code execution or cause a denial of service (application cras...

CVSS 10 | AI score 9.5 | EPSS 0.0555

CVE
added 2012/04/25 10:00 a.m. | 195 views

CVE-2012-0469

CVE-2012-0469 is a use-after-free in Mozilla Firefox/Thunderbird/SeaMonkey components involving the IndexedDB IDBKeyRange cycleCollection Trace path. Affects Firefox 4.x–11.0, ESR 10.x before 10.0.4, Thunderbird 5.0–11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9. Root cause: u...

CVSS 10 | AI score 9.4 | EPSS 0.0743

CVE
added 2010/10/27 10:00 p.m. | 187 views

CVE-2010-3765

CVE-2010-3765 is a remote code execution/memory corruption vulnerability in Mozilla’s browser stack (Firefox, SeaMonkey, Thunderbird) triggered when JavaScript runs. Technical root cause involves DOM/frame construction logic, including nsCSSFrameConstructor::ContentAppended, the appendChild path,...

CVSS 9.8 | AI score 9.4 | EPSS 0.83279
In wild

CVE
added 2012/11/21 11:00 a.m. | 185 views

CVE-2012-5829

CVE-2012-5829 is a heap-based buffer overflow in the nsWindow::OnExposeEvent function affecting Mozilla Firefox before 17.0, Firefox ESR before 10.0.11, Thunderbird before 17.0, Thunderbird ESR before 10.0.11, and SeaMonkey before 2.14. Connected documents confirm this vulnerability across multip...

CVSS 9.3 | AI score 9.2 | EPSS 0.08439

CVE
added 2012/05/01 10:00 a.m. | 182 views

CVE-2011-3079

CVE-2011-3079 concerns an IPC message validation weakness in Chrome’s IPC implementation (also used by Firefox prior to 38.0) that could allow sandbox escape due to insufficient authentication/validation in the listener process. Connected advisories indicate an earlier fix added authentication be...

CVSS 10 | AI score 6.8 | EPSS 0.01433

CVE
added 2011/06/30 4:00 p.m. | 181 views

CVE-2011-2371

CVE-2011-2371 is an integer overflow in Mozilla Firefox’s Array.reduceRight that could cause remote code execution when processing very large JavaScript arrays. Affected products include Firefox up to 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14. The issue...

CVSS 10 | AI score 9.7 | EPSS 0.75691

CVE
added 2012/06/05 11:00 p.m. | 178 views

CVE-2012-0441

The CVE-2012-0441 issue affects the NSS ASN.1 decoder QuickDER. The flaw allows a remote attacker to trigger a denial of service (application crash) via a zero-length item in ASN.1 structures (e.g., a zero-length basic constraint or a zero-length OCSP field). Affected software includes NSS-based ...

CVSS 5 | AI score 9.1 | EPSS 0.02945

CVE
added 2014/03/19 10:00 a.m. | 175 views

CVE-2014-1505

CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...

CVSS 7.5 | AI score 8.5 | EPSS 0.04002

CVE
added 2012/10/10 5:00 p.m. | 172 views

CVE-2012-4186

CVE-2012-4186: Heap-based buffer overflow in Mozilla Firefox’s nsWaveReader::DecodeAudioData. Affected products include Firefox before 16.0 (and Firefox ESR 10.x before 10.0.8), Thunderbird before 16.0, and SeaMonkey before 2.13. Vectors are unspecified in the provided docs, but exploitation wou...

CVSS 9.3 | AI score 9.6 | EPSS 0.147

CVE
added 2013/08/07 1:00 a.m. | 172 views

CVE-2013-1710

CVE-2013-1710 affects Mozilla Firefox and related Mozilla-based products via a flaw in Certificate Request Message Format (CRMF) request generation that could allow remote JavaScript execution or cross-site scripting. Specifically, vulnerable components include Firefox before 23.0, Firefox ESR 17...

CVSS 10 | AI score 8.4 | EPSS 0.40381

CVE
added 2006/04/14 10:00 a.m. | 171 views

CVE-2006-1733

CVE-2006-1733 affects Mozilla Firefox and Thunderbird 1.x before 1.5, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0. The flaw is in the compilation scope handling of privileged built‑in XBL bindings, enabling a remote attacker to run arbitrary code via (1) valueOf.call or (2) valueOf.appl...

CVSS 6.8 | AI score 7.3 | EPSS 0.05077

CVE
added 2010/09/09 6:00 p.m. | 170 views

CVE-2010-2760

CVE-2010-2760 is a use-after-free in the XUL nsTreeSelection handling within Mozilla Firefox (pre-3.5.12 and 3.6.x prior to 3.6.9), Thunderbird (pre-3.0.7 and 3.1.x prior to 3.1.3), and SeaMonkey (pre-2.0.7). The root cause is a dangling pointer issue in the XUL tree selection leading to potentia...

CVSS 9.3 | AI score 9.1 | EPSS 0.03952

CVE
added 2006/04/14 10:00 a.m. | 167 views

CVE-2006-1735

CVE-2006-1735 affects Mozilla Firefox and Thunderbird 1.x prior to 1.5 and 1.0.x prior to 1.0.8, Mozilla Suite prior to 1.7.13, and SeaMonkey prior to 1.0. The vulnerability arises from using an eval in an XBL method binding (XBL.method.eval) to create JavaScript functions that are compiled with ...

CVSS 9.3 | AI score 7.3 | EPSS 0.08979

CVE
added 2013/01/13 8:00 p.m. | 167 views

CVE-2013-0754

CVE-2013-0754 is a use-after-free in the ListenerManager of Mozilla Firefox (and related Firefox ESR, Thunderbird, SeaMonkey). According to the description, triggering garbage collection after memory allocation for listener objects can allow a remote attacker to execute arbitrary code. Affected p...

CVSS 9.3 | AI score 9.4 | EPSS 0.05381

CVE
added 2015/03/24 12:00 a.m. | 167 views

CVE-2015-0818

CVE-2015-0818 affects Mozilla Firefox (pre-36.0.4), Firefox ESR (pre-31.5.3 for 31.x), and SeaMonkey (pre-2.33.1). The root cause is a flaw in processing SVG hash navigation that bypasses the Same Origin Policy, allowing remote attackers to execute arbitrary JavaScript with chrome privileges. The...

CVSS 7.5 | AI score 9.3 | EPSS 0.03187

CVE
added 2014/02/06 2:00 a.m. | 166 views

CVE-2014-1490

CVE-2014-1490: A race condition in NSS libssl session ticket processing (use-after-free) could allow remote attackers to cause a denial of service or, per the description, potentially other impact via a resumption handshake. Affected: NSS up to 3.15.4 and, by extension, Mozilla products (Firefox...

CVSS 9.3 | AI score 8.8 | EPSS 0.0399

CVE
added 2013/04/03 10:00 a.m. | 165 views

CVE-2013-0788

CVE-2013-0788 concerns multiple unspecified vulnerabilities in the Mozilla Firefox browser engine that can cause memory corruption, a crash, or possibly arbitrary code execution. Affected products include Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ...

CVSS 10 | AI score 9.9 | EPSS 0.04653

CVE
added 2014/03/19 10:00 a.m. | 165 views

CVE-2014-1510

CVE-2014-1510 is a WebIDL-related remote code execution in Mozilla Firefox family (Firefox, Thunderbird, SeaMonkey) where an IDL fragment can trigger window.open with chrome privileges. Affected products and versions are Mozilla Firefox (pre-28.0 and ESR 24.x before 24.4 for some branches), Thund...

CVSS 9.8 | AI score 9.2 | EPSS 0.82339

CVE
added 2012/07/18 10:00 a.m. | 164 views

CVE-2012-1952

CVE-2012-1952 is a memory-safety/typical bad-cast flaw in Mozilla’s nsTableFrame::InsertFrames that occurs when processing mixed row-group and column-group frames. Affected products include Mozilla Firefox 4.x–13.0, Firefox ESR 10.x prior to 10.0.6, Thunderbird 5.0–13.0, Thunderbird ESR 10.x prio...

CVSS 9.3 | AI score 9.5 | EPSS 0.03688

CVE
added 2006/07/27 7:00 p.m. | 163 views

CVE-2006-3803

CVE-2006-3803 is a race-condition vulnerability in the JavaScript garbage collector that can be exploited to execute arbitrary code remotely. Affected products include Mozilla Firefox 1.5 prior to 1.5.0.5, Thunderbird prior to 1.5.0.5, and SeaMonkey prior to 1.0.3. The issue occurs when the garba...

CVSS 5.1 | AI score 7 | EPSS 0.04121

CVE
added 2006/04/14 6:00 p.m. | 162 views

CVE-2006-1737

CVE-2006-1737 is described as an integer overflow in JavaScript when processing a very large regular expression, affecting Mozilla Firefox/Thunderbird (and related Mozilla-suite components) prior to specified updates. Connected advisories corroborate a memory-corruption/robustness issue in JavaScr...

CVSS 9.3 | AI score 7.3 | EPSS 0.04801

CVE
added 2010/10/21 6:12 p.m. | 162 views

CVE-2010-3177

CVE-2010-3177 affects Mozilla Firefox (before 3.5.14 and before 3.6.11) and SeaMonkey (before 2.0.9). The issue is a cross-site scripting (XSS) vulnerability in the Gopher parser that allows remote attackers to inject arbitrary script or HTML via the name of a file or directory on a Gopher server...

CVSS 4.3 | AI score 7.6 | EPSS 0.02064

CVE
added 2013/09/18 10:00 a.m. | 161 views

CVE-2013-1718

CVE-2013-1718 is a remote memory-safety vulnerability in the Mozilla Firefox/Thunderbird/SeaMonkey browser engine. The issue affects Firefox up to version 24.0, Firefox ESR 17.x up to 17.0.9, Thunderbird up to 24.0, Thunderbird ESR 17.x up to 17.0.9, and SeaMonkey up to 2.21, and can lead to memo...

CVSS 10 | AI score 9.9 | EPSS 0.05437

CVE
added 2014/03/19 10:00 a.m. | 161 views

CVE-2014-1509

CVE-2014-1509 is a buffer overflow in cairo's _cairo_truetype_index_to_ucs4 function that affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The vulnerability can allow remote code execution via a crafted extension that renders f...

CVSS 8.8 | AI score 9.4 | EPSS 0.0503

CVE
added 2013/01/13 8:00 p.m. | 160 views

CVE-2013-0750

CVE-2013-0750 is a high-severity vulnerability in Mozilla’s JavaScript engine where an integer overflow during string concatenation can lead to heap-based memory corruption and remote code execution. Affected products include Firefox prior to 18.0 (and ESR branches), Thunderbird prior to 17.0.2, ...

CVSS 9.3 | AI score 9.6 | EPSS 0.0633

CVE
added 2009/04/22 6:00 p.m. | 158 views

CVE-2009-1307

CVE-2009-1307 is evidenced in connected documents as a vulnerability in the view-source: URI handling in Mozilla Firefox before 3.0.9 (also affecting Thunderbird and SeaMonkey) that breaks the Same Origin Policy. It enables remote attackers to bypass cross-domain restrictions and connect to arbit...

CVSS 6.8 | AI score 9.2 | EPSS 0.02183

CVE
added 2013/01/13 8:00 p.m. | 158 views

CVE-2013-0757

CVE-2013-0757 affects Mozilla Firefox (and related Mozilla-based apps) via a Chrome Object Wrapper (COW) bypass that allows changing the prototype of an object, enabling arbitrary code execution with chrome privileges. The SUSE/openSUSE and Gentoo/Nessus summaries map this to MFSA 2013-14 and lis...

CVSS 9.3 | AI score 9.1 | EPSS 0.60859

CVE
added 2013/12/11 3:00 p.m. | 158 views

CVE-2013-5609

CVE-2013-5609 is a set of memory-corruption/denial-of-service vulnerabilities in the Mozilla Firefox browser engine, affecting Firefox (including ESR 24.x) and related products prior to versions around 26.0 (per the referenced MiracleLinux AXSA advisories). The issues could allow remote attackers...

CVSS 10 | AI score 10 | EPSS 0.08091

CVE
added 2015/03/24 12:00 a.m. | 158 views

CVE-2015-0817

CVE-2015-0817 is a vulnerability in the asm.js/JIT bounds checking of Mozilla Firefox (and related Mozilla products) that can allow a remote attacker to read/write memory and potentially execute arbitrary code due to improper bounds checks during JIT compilation. Connected IBM advisories confirm ...

CVSS 6.8 | AI score 9.4 | EPSS 0.03677

CVE
added 2011/05/07 6:00 p.m. | 156 views

CVE-2011-0080

CVE-2011-0080 corresponds to multiple memory‑corruption/browser engine vulnerabilities in Mozilla Firefox 3.5.x before 3.5.19, Firefox 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14. The MiracleLinux advisories (AXSA:2011-198/203) enumerate these as a set of memory‑sa...

CVSS 10 | AI score 10 | EPSS 0.05452

CVE
added 2010/10/21 6:12 p.m. | 155 views

CVE-2010-3178

CVE-2010-3178 affects Mozilla Firefox (before 3.5.14 and 3.6.x before 3.6.11), Thunderbird (before 3.0.9 and 3.1.x before 3.1.5), and SeaMonkey (before 2.0.9). The issue arises from improper handling of certain modal calls made by javascript: URLs when opening a new window and performing cross-do...

CVSS 5.8 | AI score 8.3 | EPSS 0.01398

CVE
added 2014/03/19 10:00 a.m. | 154 views

CVE-2014-1512

The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...

CVSS 10 | AI score 9.4 | EPSS 0.31373

CVE
added 2009/12/17 5:00 p.m. | 153 views

CVE-2009-3389

CVE-2009-3389 is an integer overflow in libtheora (Theora video library) that affects Mozilla Firefox <3.5.6 and SeaMonkey

CVSS 9.3 | AI score 10 | EPSS 0.04785

CVE
added 2010/10/21 6:12 p.m. | 153 views

CVE-2010-3182

CVE-2010-3182 impacts Mozilla Firefox (before 3.5.14 and 3.6.x before 3.6.11), Thunderbird (before 3.0.9 and 3.1.x before 3.1.5), and SeaMonkey (before 2.0.9) on Linux. Root cause: an application-launch script places a zero-length directory name in LD_LIBRARY_PATH, enabling a local user to load a...

CVSS 6.9 | AI score 8.4 | EPSS 0.00286

CVE
added 2011/09/29 12:00 a.m. | 153 views

CVE-2011-2372

CVE-2011-2372 is described across connected advisories as a vulnerability in Mozilla Firefox and related Mozilla-based apps where merely holding Enter could trigger a download dialog, allowing user-assisted remote attackers to bypass access restrictions via a crafted site. Affected components inc...

CVSS 3.5 | AI score 9.1 | EPSS 0.00921

CVE
added 2014/02/06 2:00 a.m. | 153 views

CVE-2014-1477

CVE-2014-1477 affects Mozilla Firefox before 27.0 (and related ESR/Thunderbird/SeaMonkey versions) where the browser engine contains multiple unspecified vulnerabilities that could lead to memory corruption, application crashes, or possibly arbitrary code execution via unknown vectors. Exploitati...

CVSS 9.8 | AI score 9.3 | EPSS 0.05506

Total number of security vulnerabilities: 704