704 matches found
CVE-2014-1508
CVE-2014-1508 affects Mozilla Firefox family components (libxul) where libxul.so!gfxContext::Polygon can leak memory, cause out-of-bounds reads, or crash, with potential Same Origin Policy bypass via MathML polygon rendering. Affected: Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbir...
CVE-2010-1211
CVE-2010-1211 affects Mozilla Firefox 3.5.x before 3.5.11, and 3.6.x before 3.6.7; Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1; SeaMonkey before 2.0.6. The Mozilla browser engine vulnerabilities allow memory corruption leading to memory corruption, DoS, or possibly arbitrary code execut...
CVE-2010-3170
CVE-2010-3170 affects Mozilla Firefox (3.5.x before 3.5.14; 3.6.x before 3.6.11), Thunderbird (before 3.0.9; before 3.1.x before 3.1.5), and SeaMonkey (before 2.0.9). Root cause: wildcard in the X.509 certificate subject Common Name enables MITM by spoofing SSL servers with a cert from a trusted ...
CVE-2010-3178
CVE-2010-3178 affects Mozilla Firefox (before 3.5.14 and 3.6.x before 3.6.11), Thunderbird (before 3.0.9 and 3.1.x before 3.1.5), and SeaMonkey (before 2.0.9). The issue arises from improper handling of certain modal calls made by javascript: URLs when opening a new window and performing cross-do...
CVE-2011-2372
CVE-2011-2372 is described across connected advisories as a vulnerability in Mozilla Firefox and related Mozilla-based apps where merely holding Enter could trigger a download dialog, allowing user-assisted remote attackers to bypass access restrictions via a crafted site. Affected components inc...
CVE-2012-3993
CVE-2012-3993 affects Mozilla Firefox (pre-16.0), Firefox ESR (pre-10.0.8), Thunderbird (pre-16.0), Thunderbird ESR (pre-10.0.8), and SeaMonkey (pre-2.13). The Chrome Object Wrapper (COW) implementation can mishandle InstallTrigger failures, enabling remote JavaScript execution with chrome privil...
CVE-2014-1514
CVE-2014-1514 affects Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25. The issue arises from not validating the length of the destination array before a copy operation in TypedArrayObject, allowing remote attackers to execute arbitrary...
CVE-2010-0182
The CVE-2010-0182 issue affects Mozilla Firefox (pre-3.5.9 and 3.6.x pre-3.6.2), Thunderbird (pre-3.0.4), and SeaMonkey (pre-2.0.4). The root cause is that XMLDocument::load did not perform the expected nsIContentPolicy checks when loading content via XML documents, allowing crafted content to by...
CVE-2014-1512
The provided connected documents confirm multiple Firefox-related CVEs (e.g., CVE-2014-1512 among others) affecting Mozilla Firefox before 28.0, ESR 24.x before 24.4, and related Mozilla products. The primary issue is memory-safety/use-after-free vulnerabilities in the browser engine (notably in ...
CVE-2014-1518
CVE-2014-1518 affects Mozilla Firefox and related browsers (Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, SeaMonkey before 2.26). Reported impact per the connected advisories: remote memory corruption and application crash, with potential arbitrary code execution via...
CVE-2014-1532
CVE-2014-1532 is a use-after-free in Mozilla Firefox’s host-resolution path. Affected products include Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26, where the vulnerability resides in libxul.so's nsHostResolver::ConditionallyRefreshRecord. ...
CVE-2009-3389
CVE-2009-3389 is an integer overflow in libtheora (Theora video library) that affects Mozilla Firefox <3.5.6 and SeaMonkey
CVE-2013-0748
CVE-2013-0748 affects Mozilla Firefox (before 18.0 and ESR 10.x before 10.0.12, and 17.x before 17.0.2), Thunderbird (before 17.0.2, ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The flaw is in XBL.proto .toString, where calling toString on an XBL object can leak a...
CVE-2012-3990
CVE-2012-3990 is a use-after-free vulnerability in the IME State Manager implementation of Mozilla Firefox and related Mozilla products. Affected versions include Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before...
CVE-2013-0775
CVE-2013-0775 is a use-after-free vulnerability in Firefox’s image handling. Specifically, it concerns nsImageLoadingContent::OnStopContainer and affects Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16. ...
CVE-2013-0796
CVE-2013-0796 is a WebGL/Mesa driver interaction flaw in Mozilla Firefox (and related Mozilla apps like Thunderbird and SeaMonkey) on Linux that could allow remote code execution or DoS. The issue arises from how WebGL interacts with Mesa drivers, enabling exploitation via unspecified vectors. Pu...
CVE-2014-1486
CVE-2014-1486 is a use-after-free in Mozilla Firefox’s imgRequestProxy function (affecting Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24). The vulnerability enables remote code execution via image data with unspecified Content-Type values. Mirac...
CVE-2009-0689
CVE-2009-0689 is an array-index error in libc’s dtoa/gdtoa floating-point conversion code (dtoa.c/pdtoa.c and gdtoa/misc.c) that can be triggered by a large precision value passed to printf, causing a denial of service (crash) and potentially arbitrary code execution. Affected platforms include F...
CVE-2010-2753
CVE-2010-2753 affects Mozilla Firefox (3.5.x before 3.5.11; 3.6.x before 3.6.7), Thunderbird (3.0.x before 3.0.6; 3.1.x before 3.1.1), and SeaMonkey before 2.0.6. Root cause: integer overflow in the XUL tree selection attribute can trigger a use-after-free when handling a large selection in a XUL...
CVE-2012-1976
CVE-2012-1976 refers to a Use-after-free in Mozilla Firefox’s nsHTMLSelectElement::SubmitNamesValues. Affected products include Firefox before 15.0, Firefox ESR before 10.0.7 (10.x), Thunderbird before 15.0, Thunderbird ESR before 10.0.7, and SeaMonkey before 2.12. Impact per the description is r...
CVE-2013-0800
CVE-2013-0800 : An integer signedness error in the pixman_fill_sse2 function (pixman-sse2.c) used by Cairo and shipped with Mozilla Firefox and related products allows a remote attacker to trigger an out-of-bounds write via crafted values (negative box boundary or negative box size). This affects...
CVE-2013-1732
CVE-2013-1732 is a buffer overflow in Mozilla's nsFloatManager::GetFlowArea that affects Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21. This allows remote attackers to execute arbitrary code via crafted ...
CVE-2013-0795
CVE-2013-0795 affects Mozilla Firefox (before 20.0) and related Mozilla stack (ESR 17.x before 17.0.5, Thunderbird before 17.0.5, SeaMonkey before 2.17). The issue arises from the System Only Wrapper (SOW) allowing a crafted site to clone a protected node via cloneNode, bypassing the Same Origin ...
CVE-2011-2373
CVE-2011-2373 concerns a use-after-free in Mozilla Firefox (prior to 3.6.18 and 4.x up to 4.0.1), Thunderbird (before 3.1.11), and SeaMonkey (through 2.0.14). The vulnerability occurs when JavaScript is disabled and an attacker provides a crafted XUL document, enabling remote code execution. The ...
CVE-2012-1972
CVE-2012-1972 is a use-after-free in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox, with remote code execution/denial of service via heap memory corruption. Affected products/versions include Firefox prior to 15.0, Firefox ESR 10.x prior to 10.0.7, and Thunderbird prior ...
CVE-2013-0744
CVE-2013-0744 is a use-after-free in the TableBackgroundPainter::TableBackgroundData::Destroy function of Mozilla Firefox prior to 18.0 (and Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2), Thunderbird prior to 17.0.2/ESR 10.x before 10.0.12/17.x before 17.0.2, and SeaMonkey prior to 2.15...
CVE-2013-0783
CVE-2013-0783 refers to multiple unspecified vulnerabilities in the Mozilla Firefox browser engine (Firefox <19.0, ESR 17.x <17.0.3, Thunderbird <17.0.3, SeaMonkey
CVE-2013-1717
CVE-2013-1717: Local-filesystem access via Java applets not properly restricted in Mozilla Firefox (before 23.0; ESR 17.x before 17.0.8), SeaMonkey (before 2.20), and Thunderbird (before 17.0.8). This allows user‑assisted reading of arbitrary files through downloads to fixed/predictable paths. Co...
CVE-2014-1479
CVE-2014-1479 affects Mozilla Firefox (including ESR 24.x line), Thunderbird, and SeaMonkey before versions around 27.0/24.x 24.3/SeaMonkey 2.24. The flaw, in the System Only Wrapper (SOW) implementation, does not prevent certain cloning operations, allowing remote attackers to bypass restriction...
CVE-2014-1530
CVE-2014-1530 affects Mozilla Firefox family components (Firefox before 29.0, ESR 24.x before 24.5, Thunderbird before 24.5, SeaMonkey before 2.26). The issue arises in the docshell loading logic: a crafted site performing history navigation can set a spoofed baseURI, enabling cross-site scriptin...
CVE-2014-1531
CVE-2014-1531 is a use-after-free vulnerability in Mozilla Firefox’s image handling. The flaw occurs in nsGenericHTMLElement::GetWidthHeightForImage during an image-resize operation and can be triggered via an imgLoader object, allowing remote attackers to cause heap memory corruption and potenti...
CVE-2014-1587
CVE-2014-1587 affects Mozilla Firefox before 34.0, Firefox ESR before 31.3, Thunderbird before 31.3, and SeaMonkey before 2.31. It stems from memory safety bugs in the browser engine that can be exploited remotely to cause memory corruption, denial of service, or possibly arbitrary code execution...
CVE-2007-0008
CVE-2007-0008 is an NSS heap-based overflow caused by an integer underflow when processing an SSLv2 server message with a key too short to encrypt the Master Secret. It affects SeaMonkey, Firefox, and Thunderbird around NSS usage and was addressed by updating to fixed NSS-containing packages (e.g...
CVE-2010-2764
CVE-2010-2764 affects Mozilla Firefox (before 3.5.12 and before 3.6.9), Thunderbird (before 3.0.7 and before 3.1.3), and SeaMonkey (before 2.0.7). The flaw: read access to XMLHttpRequest.statusText is not properly restricted, enabling remote attackers to determine the existence of intranet web se...
CVE-2012-3972
CVE-2012-3972 affects the XSLT format-number functionality in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12. The vulnerability allows remote attackers to obtain sensitive information via unspecif...
CVE-2013-0746
CVE-2013-0746 affects Mozilla products including Firefox (before 18.0), Firefox ESR (before 10.0.12 and 17.x before 17.0.2), Thunderbird (before 17.0.2, and ESR 10.x before 10.0.12 and 17.x before 17.0.2), and SeaMonkey (before 2.15). The issue is a quickstubs/jsval return-value handling flaw tha...
CVE-2014-1497
CVE-2014-1497 affects mozilla::WaveReader::DecodeAudioData in Mozilla Firefox up to 28.0 (and ESR 24.x up to 24.4), Thunderbird up to 24.4, and SeaMonkey up to 2.25. A crafted WAV file can cause information disclosure from process heap memory and can trigger a denial of service via an out-of-boun...
CVE-2009-0776
CVE-2009-0776 affects Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15. Root cause: nsIRDFService allows a cross-domain redirect to bypass the same-origin policy, enabling reading XML data from a different domain. Impact per sources: remote read access to cro...
CVE-2010-1199
CVE-2010-1199 : Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node. Affected products are t...
CVE-2010-1214
CVE-2010-1214 describes an integer overflow in plugin content handling that affects Mozilla Firefox 3.5.x (before 3.5.11) and Firefox 3.6.x (before 3.6.7), and SeaMonkey before 2.0.6. The vulnerability arises from an integer overflow when parsing plugin parameter elements, leading to memory corru...
CVE-2010-3180
The CVE-2010-3180 use-after-free affects Mozilla products: Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9. The issue arises in the nsBarProp function when accessing the locationbar property of a closed window, enabling re...
CVE-2014-1481
CVE-2014-1481 affects Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24. It enables remote attackers to bypass restrictions on window objects by exploiting inconsistencies in native JavaScript engine getter methods. Impact per sources is...
CVE-2014-1482
CVE-2014-1482 affects Mozilla Firefox and related Mozilla products. The issue is that RasterImage.cpp does not prevent access to discarded image data, enabling remote attackers to run arbitrary code or cause a denial of service via crafted image data (Goo Create demonstrated). Affected versions i...
CVE-2009-3979
CVE-2009-3979 affects Mozilla products including Firefox (before 3.0.16 and 3.5.x before 3.5.6), SeaMonkey (before 2.0.1), and Thunderbird according to the initial description and connected advisories. The vulnerability allows a remote attacker to cause memory corruption and application crashes o...
CVE-2010-0654
CVE-2010-0654 affects Mozilla family: Firefox 3.5.x up to 3.5.10 and 3.6.x up to 3.6.6, Thunderbird 3.0.x up to 3.0.5 and 3.1.x up to 3.1.0, and SeaMonkey before 2.0.6. The root cause is cross-origin loading of CSS stylesheets when the stylesheet download has an incorrect MIME type and the styles...
CVE-2010-3169
CVE-2010-3169 affects Mozilla's browser engine across multiple products: Firefox ≤ 3.5.11 (and 3.6.x prior to 3.6.9), Thunderbird ≤ 3.0.6 (and 3.1.x prior to 3.1.3), and SeaMonkey ≤ 2.0.6 (prior to 2.0.7). The issue is described as memory safety vulnerabilities in the browser engine that could al...
CVE-2012-4194
The CVE-2012-4194 issue affects Mozilla Firefox and related Mozilla components where the valueOf shadowing of the location object (window.location) enables cross-site scripting via plugin vectors. Affected software and versions (stated in the provided sources) include: Mozilla Firefox before 16.0...
CVE-2013-0787
CVE-2013-0787 is a Use-after-free in Mozilla Firefox’s editor component (nsEditor::IsPreformatted) that could allow remote code execution. Affected: Firefox <19.0.2, Firefox ESR <17.0.4, Thunderbird <17.0.4, Thunderbird ESR <17.0.4, and SeaMonkey
CVE-2013-1713
CVE-2013-1713 affects Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20. It arises from an incorrect URI comparison during enforcement of the Same Origin Policy, enabling remote attackers to perfor...
CVE-2006-0297
CVE-2006-0297 involves integer overflow vulnerabilities in Mozilla-based products. Affects Mozilla Firefox 1.5, Thunderbird 1.5, and SeaMonkey before 1.0 when JavaScript is enabled in mail. The issues stem from three vulnerable code paths: (1) EscapeAttributeValue in jsxml.c (E4X), (2) nsSVGCairo...