Lucene search

K

106 matches found

CVE
CVE
added 2013/01/13 8:55 p.m.80 views

CVE-2013-0761

Use-after-free vulnerability in the mozilla::TrackUnionStream::EndTrack implementation in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code or cause ...

9.3CVSS9.4AI score0.01711EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.80 views

CVE-2013-5612

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header.

4.3CVSS7.7AI score0.00739EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.78 views

CVE-2013-0764

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrary ...

9.3CVSS9.6AI score0.01497EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.78 views

CVE-2013-1737

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass inten...

5CVSS9.1AI score0.00418EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.77 views

CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script...

4CVSS9.1AI score0.00653EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.77 views

CVE-2013-0789

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjec...

10CVSS9.7AI score0.01351EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.76 views

CVE-2013-0779

The nsCodingStateMachine::NextState function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

9.3CVSS7.6AI score0.02362EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.76 views

CVE-2013-1702

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS8AI score0.01241EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.76 views

CVE-2013-1708

Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (application crash) via a crafted WAV file that is not properly handled by the nsCString::CharAt function.

4.3CVSS8.6AI score0.05278EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.76 views

CVE-2013-1730

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly handle movement of XBL-backed nodes between documents, which allows remote attackers to execute arbitrary code or cause a denial of ser...

6.8CVSS9.4AI score0.00729EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.76 views

CVE-2013-5610

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.9AI score0.00881EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.75 views

CVE-2013-1719

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

10CVSS9.8AI score0.02381EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.75 views

CVE-2013-5618

Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by tri...

10CVSS9.6AI score0.10378EPSS
CVE
CVE
added 2013/03/11 10:55 a.m.74 views

CVE-2013-0787

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute...

9.3CVSS9.4AI score0.03359EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.74 views

CVE-2013-5595

The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 does not properly allocate memory for unspecified functions, which allows remote attackers to conduct b...

4.3CVSS7AI score0.01926EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.73 views

CVE-2013-5600

Use-after-free vulnerability in the nsIOService::NewChannelFromURIWithProxyFlags function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute ...

10CVSS7.5AI score0.02688EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.73 views

CVE-2013-5601

Use-after-free vulnerability in the nsEventListenerManager::SetEventHandler function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbit...

10CVSS7.5AI score0.02864EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.72 views

CVE-2013-0745

The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly interact with garbage collection, which allows remote attackers to execute arbitrary code via a cra...

9.3CVSS9.2AI score0.03154EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.72 views

CVE-2013-0747

The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to c...

6.8CVSS9AI score0.02298EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.71 views

CVE-2013-0756

Use-after-free vulnerability in the obj_toSource function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted web page referencing Jav...

9.3CVSS9.3AI score0.01375EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.71 views

CVE-2013-0773

The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) implementations in Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent modifications to a prototype, which allows remote att...

9.3CVSS9.2AI score0.01092EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.71 views

CVE-2013-5593

The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement of HTML within a dropdown menu, which allows remote attackers to spoof the address bar or conduct cli...

4.3CVSS6.2AI score0.00483EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.71 views

CVE-2013-5597

Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad function in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary cod...

10CVSS7.7AI score0.03629EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.71 views

CVE-2013-5616

Use-after-free vulnerability in the nsEventListenerManager::HandleEventSubType function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrup...

9.8CVSS9.6AI score0.02874EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.70 views

CVE-2013-0752

Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XBL file with multiple bindings that ...

9.3CVSS9.4AI score0.02834EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.70 views

CVE-2013-0771

Heap-based buffer overflow in the gfxTextRun::ShrinkToLigatureBoundaries function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via a crafted ...

9.3CVSS9.5AI score0.03151EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.70 views

CVE-2013-0772

The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) via a crafted GIF image.

5.8CVSS8.8AI score0.01287EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.70 views

CVE-2013-0784

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS8AI score0.00647EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.70 views

CVE-2013-5614

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site.

4.3CVSS9.1AI score0.00245EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.69 views

CVE-2013-5615

The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 does not properly enforce certain typeset restrictions on the generation of GetElementIC typed array stubs, which has unspecified impact and remote attack v...

9.8CVSS9.2AI score0.02013EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.68 views

CVE-2013-1720

The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 Tree Builder in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 does not properly maintain the state of the insertion-mode stack for template elements, which allows remote attackers to execute arbitr...

6.8CVSS9.5AI score0.0194EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.68 views

CVE-2013-1724

Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors i...

9.3CVSS9.3AI score0.03159EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.68 views

CVE-2013-1728

The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors.

4.3CVSS8.7AI score0.00769EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.68 views

CVE-2013-1738

Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and fra...

9.3CVSS9.4AI score0.03359EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.68 views

CVE-2013-5603

Use-after-free vulnerability in the nsContentUtils::ContentIsHostIncludingDescendantOf function in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to execute arbitrary code or cause a denial of service (heap memor...

10CVSS7.3AI score0.0527EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.67 views

CVE-2013-0774

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 do not prevent JavaScript workers from reading the browser-profile directory name, which has unspecified impact and remote attack vectors.

4.3CVSS9.1AI score0.00552EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.67 views

CVE-2013-0781

Use-after-free vulnerability in the nsPrintEngine::CommonPrint function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS7.6AI score0.01558EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.66 views

CVE-2013-0794

Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent origin spoofing of tab-modal dialogs, which allows remote attackers to conduct phishing attacks via a crafted web site.

5.8CVSS6.2AI score0.00625EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.66 views

CVE-2013-1705

Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certificate Request Message Format (CRMF) request.

10CVSS7.6AI score0.05283EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.65 views

CVE-2013-1726

Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MA...

6.2CVSS6.2AI score0.00107EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.65 views

CVE-2013-6671

The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements.

10CVSS9.6AI score0.10399EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.65 views

CVE-2013-6672

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations.

4.3CVSS9AI score0.00931EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.64 views

CVE-2013-0751

Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.

5.8CVSS5.5AI score0.00521EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.64 views

CVE-2013-1711

The XrayWrapper implementation in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 does not properly address the possibility of an XBL scope bypass resulting from non-native arguments in XBL function calls, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attack...

4.3CVSS5.5AI score0.01024EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.64 views

CVE-2013-5619

Multiple integer overflows in the binary-search implementation in SpiderMonkey in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 might allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code.

7.5CVSS9.5AI score0.0173EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.63 views

CVE-2013-0765

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

9.3CVSS6.3AI score0.01424EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.63 views

CVE-2013-1704

Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the ...

9.3CVSS7.7AI score0.04703EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.63 views

CVE-2013-1723

The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote attackers to cause a denial of service (application crash) by leveraging incorrect event usage after w...

4.3CVSS8.7AI score0.01337EPSS
CVE
CVE
added 2013/10/30 10:55 a.m.63 views

CVE-2013-5596

The cycle collection (CC) implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly determine the thread for release of an image object, which allows remote attackers to execute arbitrary code or cause a denial ...

6.8CVSS7.4AI score0.01775EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.62 views

CVE-2013-0797

Untrusted search path vulnerability in the Mozilla Updater in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 allows local users to gain privileges via a Trojan horse DLL file in an unspecified dir...

6.9CVSS6.1AI score0.00166EPSS
Total number of security vulnerabilities106