Lucene search

K
MozillaSeamonkey

704 matches found

CVE
CVE
added 2013/09/18 10:8 a.m.78 views

CVE-2013-1737

Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass inten...

5CVSS9.1AI score0.00418EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.78 views

CVE-2014-1479

The System Only Wrapper (SOW) implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 does not prevent certain cloning operations, which allows remote attackers to bypass intended restrictions on XUL content via vectors involvi...

7.5CVSS8.3AI score0.01468EPSS
CVE
CVE
added 2014/04/30 10:49 a.m.78 views

CVE-2014-1530

The docshell implementation in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to trigger the loading of a URL with a spoofed baseURI property, and conduct cross-site scripting (XSS) attacks, via a crafted web sit...

6.1CVSS6.9AI score0.00756EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.77 views

CVE-2006-1736

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes th...

2.6CVSS6AI score0.01623EPSS
CVE
CVE
added 2006/07/27 8:4 p.m.77 views

CVE-2006-3811

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1) nsListControlFrame::FireMe...

7.5CVSS7.7AI score0.18952EPSS
CVE
CVE
added 2006/11/08 10:7 p.m.77 views

CVE-2006-5463

Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.

7.5CVSS6.8AI score0.09098EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.77 views

CVE-2006-6499

The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service via any plugins that...

4.3CVSS6.1AI score0.23595EPSS
CVE
CVE
added 2007/07/03 10:30 a.m.77 views

CVE-2007-3511

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated by...

4.3CVSS6.3AI score0.02495EPSS
CVE
CVE
added 2007/09/12 8:17 p.m.77 views

CVE-2007-4841

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer ...

9.3CVSS7.2AI score0.43235EPSS
CVE
CVE
added 2008/03/27 10:44 a.m.77 views

CVE-2008-1234

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

4.3CVSS7.9AI score0.08249EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.77 views

CVE-2008-2799

Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown vectors related to the JavaScript engine.

10CVSS7.9AI score0.08431EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.77 views

CVE-2008-2811

The block reflow implementation in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image whose display requires more pixels than nscoord_MAX, rela...

10CVSS7.8AI score0.26861EPSS
CVE
CVE
added 2008/09/24 8:37 p.m.77 views

CVE-2008-4061

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd ele...

10CVSS10AI score0.01429EPSS
CVE
CVE
added 2009/03/05 2:30 a.m.77 views

CVE-2009-0773

The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-set elements," which causes jsarray.cpp to p...

10CVSS9.6AI score0.09167EPSS
CVE
CVE
added 2009/12/17 5:30 p.m.77 views

CVE-2009-3983

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.

6.8CVSS8.1AI score0.0103EPSS
CVE
CVE
added 2010/02/22 1:0 p.m.77 views

CVE-2010-0159

The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsBlock...

10CVSS8.8AI score0.02147EPSS
CVE
CVE
added 2010/04/05 5:30 p.m.77 views

CVE-2010-0177

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, frees the contents of the window.navigator.plugins array while a reference to an array element is still active, which allows remote attackers to execute arbitrary code or cause a denial of service...

9.3CVSS9.6AI score0.06167EPSS
CVE
CVE
added 2010/06/24 12:30 p.m.77 views

CVE-2010-1196

Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-bas...

9.3CVSS9.6AI score0.0552EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.77 views

CVE-2010-3774

The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle (1) about:neterror and (2) about:certerror pages, which allows remote attackers to spoof the location bar via a craf...

4.3CVSS8.9AI score0.01165EPSS
CVE
CVE
added 2010/12/10 7:0 p.m.77 views

CVE-2010-3778

Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, Thunderbird before 3.0.11, and SeaMonkey before 2.0.11 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

9.3CVSS9.7AI score0.05098EPSS
CVE
CVE
added 2011/03/11 2:1 a.m.77 views

CVE-2011-1187

Google Chrome before 10.0.648.127 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, related to an "error message leak."

5CVSS9AI score0.00891EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.77 views

CVE-2011-2982

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute ar...

10CVSS10AI score0.0176EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.77 views

CVE-2011-2993

The implementation of digital signatures for JAR files in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not prevent calls from unsigned JavaScript code to signed code, which allows remote attackers to bypass the Same Origin Policy and gain privileges via ...

9.3CVSS9.4AI score0.03972EPSS
CVE
CVE
added 2012/03/30 10:55 p.m.77 views

CVE-2011-3062

Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.

6.8CVSS9.4AI score0.02392EPSS
CVE
CVE
added 2012/03/14 7:55 p.m.77 views

CVE-2012-0458

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which all...

6.8CVSS9.4AI score0.032EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.77 views

CVE-2012-0467

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and appli...

10CVSS10AI score0.02914EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.77 views

CVE-2012-1937

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and appl...

9.3CVSS10AI score0.01723EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.77 views

CVE-2012-1967

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper pr...

10CVSS9.5AI score0.03399EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.77 views

CVE-2012-4188

Heap-based buffer overflow in the Convolve3x3 function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors.

9.3CVSS9.6AI score0.55611EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.77 views

CVE-2012-5835

Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) v...

10CVSS9.1AI score0.02068EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.77 views

CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web script...

4CVSS9.1AI score0.00653EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.77 views

CVE-2013-0789

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 20.0 and SeaMonkey before 2.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the nsContentUtils::HoldJSObjec...

10CVSS9.7AI score0.01351EPSS
CVE
CVE
added 2015/01/14 11:59 a.m.77 views

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors.

7.5CVSS9.3AI score0.83612EPSS
CVE
CVE
added 2006/06/07 10:2 a.m.76 views

CVE-2006-2894

Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box ...

4CVSS6.2AI score0.06905EPSS
CVE
CVE
added 2006/07/27 8:4 p.m.76 views

CVE-2006-3802

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.

5.8CVSS5.4AI score0.03094EPSS
CVE
CVE
added 2006/07/27 7:4 p.m.76 views

CVE-2006-3807

Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the const...

7.5CVSS7.2AI score0.2749EPSS
CVE
CVE
added 2006/12/20 1:28 a.m.76 views

CVE-2006-6504

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.

9.3CVSS7.2AI score0.40686EPSS
CVE
CVE
added 2007/10/21 8:17 p.m.76 views

CVE-2007-5337

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when running on Linux systems with gnome-vfs support, might allow remote attackers to read arbitrary files on SSH/sftp servers that accept key authentication by creating a web page on the target server, in which the web page contains URIs w...

4.3CVSS6.5AI score0.01383EPSS
CVE
CVE
added 2008/07/07 11:41 p.m.76 views

CVE-2008-2802

Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 allow remote attackers to execute arbitrary code via an XUL document that includes a script from a chrome: URI that points to a fastload file, related to this file's "privilege level."

7.5CVSS7.5AI score0.06797EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.76 views

CVE-2008-5016

The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via multiple vectors that trigger an assertion failure or other consequences.

5CVSS9.3AI score0.10419EPSS
CVE
CVE
added 2008/12/17 11:30 p.m.76 views

CVE-2008-5507

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which genera...

6CVSS9.6AI score0.00535EPSS
CVE
CVE
added 2009/04/22 6:30 p.m.76 views

CVE-2009-1311

Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow user-assisted remote attackers to obtain sensitive information via a web page with an embedded frame, which causes POST data from an outer page to be sent to the inner frame's URL during a SAVEMODE_FILEONLY save of the inner frame.

4.3CVSS9AI score0.00868EPSS
CVE
CVE
added 2009/06/12 9:30 p.m.76 views

CVE-2009-1834

Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 allows remote attackers to spoof the location bar via an IDN with invalid Unicode characters that are displayed as whitespace, as demonstrated by the \u115A through \u115...

4.3CVSS7.4AI score0.15054EPSS
CVE
CVE
added 2009/12/17 5:30 p.m.76 views

CVE-2009-3986

Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.

7.6CVSS9.7AI score0.0243EPSS
CVE
CVE
added 2010/02/22 1:0 p.m.76 views

CVE-2010-0162

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote att...

4.3CVSS8.6AI score0.00817EPSS
CVE
CVE
added 2010/09/09 7:0 p.m.76 views

CVE-2010-3168

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access a...

9.3CVSS9.2AI score0.04835EPSS
CVE
CVE
added 2011/03/02 8:0 p.m.76 views

CVE-2011-0056

Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an "atom map" issue.

10CVSS9.5AI score0.06955EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.76 views

CVE-2012-3956

Use-after-free vulnerability in the MediaStreamGraphThreadRunnable::Run function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial...

10CVSS9.4AI score0.02313EPSS
CVE
CVE
added 2012/10/10 5:55 p.m.76 views

CVE-2012-3991

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have uns...

9.3CVSS9.4AI score0.01916EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.76 views

CVE-2012-4216

Use-after-free vulnerability in the gfxFont::GetFontEntry function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service ...

9.3CVSS9AI score0.0639EPSS
Total number of security vulnerabilities704