Lucene search
+L
MozillaSeamonkey

704 matches found

CVE
CVE
added 2014/03/19 10:0 a.m.160 views

CVE-2014-1508

CVE-2014-1508 affects Mozilla Firefox family components (libxul) where libxul.so!gfxContext::Polygon can leak memory, cause out-of-bounds reads, or crash, with potential Same Origin Policy bypass via MathML polygon rendering. Affected: Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbir...

9.1CVSS9.1AI score0.0427EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.159 views

CVE-2010-1211

CVE-2010-1211 affects Mozilla Firefox 3.5.x before 3.5.11, and 3.6.x before 3.6.7; Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1; SeaMonkey before 2.0.6. The Mozilla browser engine vulnerabilities allow memory corruption leading to memory corruption, DoS, or possibly arbitrary code execut...

9.3CVSS10AI score0.03726EPSS
CVE
CVE
added 2010/10/21 6:12 p.m.159 views

CVE-2010-3170

CVE-2010-3170 affects Mozilla Firefox (3.5.x before 3.5.14; 3.6.x before 3.6.11), Thunderbird (before 3.0.9; before 3.1.x before 3.1.5), and SeaMonkey (before 2.0.9). Root cause: wildcard in the X.509 certificate subject Common Name enables MITM by spoofing SSL servers with a cert from a trusted ...

4.3CVSS8.2AI score0.01096EPSS
CVE
CVE
added 2010/10/21 6:12 p.m.159 views

CVE-2010-3178

CVE-2010-3178 affects Mozilla Firefox (before 3.5.14 and 3.6.x before 3.6.11), Thunderbird (before 3.0.9 and 3.1.x before 3.1.5), and SeaMonkey (before 2.0.9). The issue arises from improper handling of certain modal calls made by javascript: URLs when opening a new window and performing cross-do...

5.8CVSS8.3AI score0.01398EPSS
CVE
CVE
added 2011/09/29 12:0 a.m.159 views

CVE-2011-2372

CVE-2011-2372 is described across connected advisories as a vulnerability in Mozilla Firefox and related Mozilla-based apps where merely holding Enter could trigger a download dialog, allowing user-assisted remote attackers to bypass access restrictions via a crafted site. Affected components inc...

3.5CVSS9.1AI score0.00921EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.159 views

CVE-2012-3993

CVE-2012-3993 affects Mozilla Firefox (pre-16.0), Firefox ESR (pre-10.0.8), Thunderbird (pre-16.0), Thunderbird ESR (pre-10.0.8), and SeaMonkey (pre-2.13). The Chrome Object Wrapper (COW) implementation can mishandle InstallTrigger failures, enabling remote JavaScript execution with chrome privil...

9.3CVSS9.1AI score0.42609EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.159 views

CVE-2014-1514

CVE-2014-1514 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue arises from not validating the length of the destination array before a copy operation in TypedArrayObject, allowing remote attackers to execute arbitrary...

9.8CVSS9.5AI score0.06087EPSS
CVE
CVE
added 2010/04/05 5:0 p.m.158 views

CVE-2010-0182

The CVE-2010-0182 issue affects Mozilla Firefox (pre-3.5.9 and 3.6.x pre-3.6.2), Thunderbird (pre-3.0.4), and SeaMonkey (pre-2.0.4). The root cause is that XMLDocument::load did not perform the expected nsIContentPolicy checks when loading content via XML documents, allowing crafted content to by...

4.3CVSS9.2AI score0.0119EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.158 views

CVE-2014-1512

The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...

10CVSS9.4AI score0.31373EPSS
CVE
CVE
added 2014/04/30 10:0 a.m.158 views

CVE-2014-1518

CVE-2014-1518 affects Mozilla Firefox and related browsers (Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, SeaMonkey before 2.26). Reported impact per the connected advisories: remote memory corruption and application crash, with potential arbitrary code execution via...

9.3CVSS8.9AI score0.0598EPSS
CVE
CVE
added 2014/04/30 10:0 a.m.158 views

CVE-2014-1532

CVE-2014-1532 is a use-after-free in Mozilla Firefox’s host-resolution path. Affected products include Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26, where the vulnerability resides in libxul.so's nsHostResolver::ConditionallyRefreshRecord. ...

9.8CVSS8.3AI score0.04648EPSS
CVE
CVE
added 2009/12/17 5:0 p.m.157 views

CVE-2009-3389

CVE-2009-3389 is an integer overflow in libtheora (Theora video library) that affects Mozilla Firefox <3.5.6 and SeaMonkey

9.3CVSS10AI score0.04785EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.157 views

CVE-2013-0748

CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...

4.3CVSS9.2AI score0.01998EPSS
CVE
CVE
added 2012/10/10 5:0 p.m.156 views

CVE-2012-3990

CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...

9.3CVSS9.4AI score0.05201EPSS
CVE
CVE
added 2013/02/19 11:0 p.m.156 views

CVE-2013-0775

CVE-2013-0775 is a use-after-free vulnerability in Firefox’s image handling. Specifically, it concerns nsImageLoadingContent::OnStopContainer and affects Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16. ...

9.3CVSS9.6AI score0.03498EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.156 views

CVE-2013-0796

CVE-2013-0796 is a WebGL/Mesa driver interaction flaw in Mozilla Firefox (and related Mozilla apps like Thunderbird and SeaMonkey) on Linux that could allow remote code execution or DoS. The issue arises from how WebGL interacts with Mesa drivers, enabling exploitation via unspecified vectors. Pu...

10CVSS9.5AI score0.07953EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.156 views

CVE-2014-1486

CVE-2014-1486 is a use-after-free in Mozilla Firefox’s imgRequestProxy function (affecting Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24). The vulnerability enables remote code execution via image data with unspecified Content-Type values. Mirac...

10CVSS8.8AI score0.07072EPSS
CVE
CVE
added 2009/07/01 12:26 p.m.155 views

CVE-2009-0689

CVE-2009-0689 is an array-index error in libc’s dtoa/gdtoa floating-point conversion code (dtoa.c/pdtoa.c and gdtoa/misc.c) that can be triggered by a large precision value passed to printf, causing a denial of service (crash) and potentially arbitrary code execution. Affected platforms include F...

6.8CVSS7.5AI score0.28167EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.155 views

CVE-2010-2753

CVE-2010-2753 affects Mozilla Firefox (3.5.x before 3.5.11; 3.6.x before 3.6.7), Thunderbird (3.0.x before 3.0.6; 3.1.x before 3.1.1), and SeaMonkey before 2.0.6. Root cause: integer overflow in the XUL tree selection attribute can trigger a use-after-free when handling a large selection in a XUL...

9.3CVSS9.7AI score0.06672EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.155 views

CVE-2012-1976

CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...

10CVSS9.4AI score0.05613EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.155 views

CVE-2013-0800

CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...

6.8CVSS9.7AI score0.03941EPSS
CVE
CVE
added 2013/09/18 10:0 a.m.155 views

CVE-2013-1732

CVE-2013-1732 is a buffer overflow in Mozilla's nsFloatManager::GetFlowArea that affects Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21. This allows remote attackers to execute arbitrary code via crafted ...

9.3CVSS9.7AI score0.08894EPSS
CVE
CVE
added 2013/04/03 10:0 a.m.154 views

CVE-2013-0795

CVE-2013-0795 affects Mozilla Firefox (before 20.0) and related Mozilla stack (ESR 17.x before 17.0.5, Thunderbird before 17.0.5, SeaMonkey before 2.17). The issue arises from the System Only Wrapper (SOW) allowing a crafted site to clone a protected node via cloneNode, bypassing the Same Origin ...

10CVSS9.5AI score0.03429EPSS
CVE
CVE
added 2011/06/30 4:0 p.m.153 views

CVE-2011-2373

CVE-2011-2373 concerns a use-after-free in Mozilla Firefox (prior to 3.6.18 and 4.x up to 4.0.1), Thunderbird (before 3.1.11), and SeaMonkey (through 2.0.14). The vulnerability occurs when JavaScript is disabled and an attacker provides a crafted XUL document, enabling remote code execution. The ...

7.6CVSS9.5AI score0.0496EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.153 views

CVE-2012-1972

CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...

10CVSS9.4AI score0.05566EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.153 views

CVE-2013-0744

CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...

9.3CVSS9.6AI score0.06147EPSS
CVE
CVE
added 2013/02/19 11:0 p.m.153 views

CVE-2013-0783

CVE-2013-0783 refers to multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (Firefox <19.0, ESR 17.x <17.0.3, Thunderbird <17.0.3, SeaMonkey

9.3CVSS9.9AI score0.04676EPSS
CVE
CVE
added 2013/08/07 1:0 a.m.152 views

CVE-2013-1717

CVE-2013-1717: Local-filesystem access via Java applets not properly restricted in Mozilla Firefox (before 23.0; ESR 17.x before 17.0.8), SeaMonkey (before 2.20), and Thunderbird (before 17.0.8). This allows user‑assisted reading of arbitrary files through downloads to fixed/predictable paths. Co...

5.4CVSS9.1AI score0.02424EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.152 views

CVE-2014-1479

CVE-2014-1479 affects Mozilla Firefox (including ESR 24.x line), Thunderbird, and SeaMonkey before versions around 27.0/24.x 24.3/SeaMonkey 2.24. The flaw, in the System Only Wrapper (SOW) implementation, does not prevent certain cloning operations, allowing remote attackers to bypass restriction...

7.5CVSS8.3AI score0.04602EPSS
CVE
CVE
added 2014/04/30 10:0 a.m.152 views

CVE-2014-1530

CVE-2014-1530 affects Mozilla Firefox family components (Firefox before 29.0, ESR 24.x before 24.5, Thunderbird before 24.5, SeaMonkey before 2.26). The issue arises in the docshell loading logic: a crafted site performing history navigation can set a spoofed baseURI, enabling cross-site scriptin...

6.1CVSS6.9AI score0.01666EPSS
CVE
CVE
added 2014/04/30 10:0 a.m.152 views

CVE-2014-1531

CVE-2014-1531 is a use-after-free vulnerability in Mozilla Firefox’s image handling. The flaw occurs in nsGenericHTMLElement::GetWidthHeightForImage during an image-resize operation and can be triggered via an imgLoader object, allowing remote attackers to cause heap memory corruption and potenti...

9.3CVSS8.3AI score0.05589EPSS
CVE
CVE
added 2014/12/11 11:0 a.m.152 views

CVE-2014-1587

CVE-2014-1587 affects Mozilla Firefox before 34.0, Firefox ESR before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31. It stems from memory safety bugs in the browser engine that can be exploited remotely to cause memory corruption, denial of service, or possibly arbitrary code execution...

6.8CVSS5.7AI score0.03546EPSS
CVE
CVE
added 2007/02/26 8:0 p.m.151 views

CVE-2007-0008

CVE-2007-0008 is an NSS heap-based overflow caused by an integer underflow when processing an SSLv2 server message with a key too short to encrypt the Master Secret. It affects SeaMonkey, Firefox, and Thunderbird around NSS usage and was addressed by updating to fixed NSS-containing packages (e.g...

6.8CVSS7.4AI score0.04335EPSS
CVE
CVE
added 2010/09/09 6:0 p.m.151 views

CVE-2010-2764

CVE-2010-2764 affects Mozilla Firefox (before 3.5.12 and before 3.6.9), Thunderbird (before 3.0.7 and before 3.1.3), and SeaMonkey (before 2.0.7). The flaw: read access to XMLHttpRequest.statusText is not properly restricted, enabling remote attackers to determine the existence of intranet web se...

4.3CVSS8.3AI score0.02001EPSS
CVE
CVE
added 2012/08/29 10:0 a.m.151 views

CVE-2012-3972

CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...

5CVSS8.8AI score0.03957EPSS
CVE
CVE
added 2013/01/13 8:0 p.m.151 views

CVE-2013-0746

CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...

9.3CVSS9.5AI score0.04485EPSS
CVE
CVE
added 2014/03/19 10:0 a.m.151 views

CVE-2014-1497

CVE-2014-1497 affects mozilla::WaveReader::DecodeAudioData in Mozilla Firefox up to 28.0 (and ESR 24.x up to 24.4), Thunderbird up to 24.4, and SeaMonkey up to 2.25. A crafted WAV file can cause information disclosure from process heap memory and can trigger a denial of service via an out-of-boun...

8.8CVSS9.4AI score0.02826EPSS
CVE
CVE
added 2009/03/05 2:0 a.m.150 views

CVE-2009-0776

CVE-2009-0776 affects Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15. Root cause: nsIRDFService allows a cross-domain redirect to bypass the same-origin policy, enabling reading XML data from a different domain. Impact per sources: remote read access to cro...

7.1CVSS9.2AI score0.016EPSS
CVE
CVE
added 2010/06/23 6:0 p.m.150 views

CVE-2010-1199

CVE-2010-1199 : Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Affected products are t...

9.3CVSS9.6AI score0.11418EPSS
CVE
CVE
added 2010/07/30 8:0 p.m.150 views

CVE-2010-1214

CVE-2010-1214 describes an integer overflow in plugin content handling that affects Mozilla Firefox 3.5.x (before 3.5.11) and Firefox 3.6.x (before 3.6.7), and SeaMonkey before 2.0.6. The vulnerability arises from an integer overflow when parsing plugin parameter elements, leading to memory corru...

9.3CVSS9.8AI score0.07585EPSS
CVE
CVE
added 2010/10/21 6:12 p.m.150 views

CVE-2010-3180

The CVE-2010-3180 use-after-free affects Mozilla products: Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9. The issue arises in the nsBarProp function when accessing the locationbar property of a closed window, enabling re...

9.3CVSS8.9AI score0.04644EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.150 views

CVE-2014-1481

CVE-2014-1481 affects Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24. It enables remote attackers to bypass restrictions on window objects by exploiting inconsistencies in native JavaScript engine getter methods. Impact per sources is...

7.5CVSS8.5AI score0.03889EPSS
CVE
CVE
added 2014/02/06 2:0 a.m.150 views

CVE-2014-1482

CVE-2014-1482 affects Mozilla Firefox and related Mozilla products. The issue is that RasterImage.cpp does not prevent access to discarded image data, enabling remote attackers to run arbitrary code or cause a denial of service via crafted image data (Goo Create demonstrated). Affected versions i...

9.3CVSS9AI score0.06304EPSS
CVE
CVE
added 2009/12/17 5:0 p.m.149 views

CVE-2009-3979

CVE-2009-3979 affects Mozilla products including Firefox (before 3.0.16 and 3.5.x before 3.5.6), SeaMonkey (before 2.0.1), and Thunderbird according to the initial description and connected advisories. The vulnerability allows a remote attacker to cause memory corruption and application crashes o...

9.3CVSS9.2AI score0.03963EPSS
CVE
CVE
added 2010/02/18 5:19 p.m.149 views

CVE-2010-0654

CVE-2010-0654 affects Mozilla family: Firefox 3.5.x up to 3.5.10 and 3.6.x up to 3.6.6, Thunderbird 3.0.x up to 3.0.5 and 3.1.x up to 3.1.0, and SeaMonkey before 2.0.6. The root cause is cross-origin loading of CSS stylesheets when the stylesheet download has an incorrect MIME type and the styles...

4.3CVSS7.5AI score0.01867EPSS
CVE
CVE
added 2010/09/09 6:0 p.m.149 views

CVE-2010-3169

CVE-2010-3169 affects Mozilla's browser engine across multiple products: Firefox ≤ 3.5.11 (and 3.6.x prior to 3.6.9), Thunderbird ≤ 3.0.6 (and 3.1.x prior to 3.1.3), and SeaMonkey ≤ 2.0.6 (prior to 2.0.7). The issue is described as memory safety vulnerabilities in the browser engine that could al...

9.3CVSS9.3AI score0.03726EPSS
CVE
CVE
added 2012/10/29 6:0 p.m.149 views

CVE-2012-4194

The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...

4.3CVSS8.2AI score0.02835EPSS
CVE
CVE
added 2013/03/11 10:0 a.m.149 views

CVE-2013-0787

CVE-2013-0787 is a Use-after-free in Mozilla Firefox’s editor component (nsEditor::IsPreformatted) that could allow remote code execution. Affected: Firefox <19.0.2, Firefox ESR <17.0.4, Thunderbird <17.0.4, Thunderbird ESR <17.0.4, and SeaMonkey

9.3CVSS9.4AI score0.06398EPSS
CVE
CVE
added 2013/08/07 1:0 a.m.149 views

CVE-2013-1713

CVE-2013-1713 affects Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20. It arises from an incorrect URI comparison during enforcement of the Same Origin Policy, enabling remote attackers to perfor...

4.3CVSS8.2AI score0.0162EPSS
CVE
CVE
added 2006/02/02 10:0 p.m.148 views

CVE-2006-0297

CVE-2006-0297 involves integer overflow vulnerabilities in Mozilla-based products. Affects Mozilla Firefox 1.5, Thunderbird 1.5, and SeaMonkey before 1.0 when JavaScript is enabled in mail. The issues stem from three vulnerable code paths: (1) EscapeAttributeValue in jsxml.c (E4X), (2) nsSVGCairo...

5.1CVSS7.3AI score0.03852EPSS
Total number of security vulnerabilities704