Lucene search

K
MozillaSeamonkey

704 matches found

CVE
CVE
added 2012/10/10 5:55 p.m.99 views

CVE-2012-3989

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly perform a cast of an unspecified variable during use of the instanceof operator on a JavaScript object, which allows remote attackers to execute arbitrary code or cause a denial of service (assertion fai...

9.3CVSS9.5AI score0.00854EPSS
CVE
CVE
added 2012/10/12 10:44 a.m.99 views

CVE-2012-4192

Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow remote attackers to bypass the Same Origin Policy and read the properties of a Location object via a crafted web site, a related issue to CVE-2012-4193.

4.3CVSS8.8AI score0.01406EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.99 views

CVE-2012-4202

Heap-based buffer overflow in the image::RasterImage::DrawFrameTo function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code via a crafted GIF ima...

9.3CVSS9AI score0.06753EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.99 views

CVE-2013-0765

Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.

9.3CVSS6.3AI score0.01424EPSS
CVE
CVE
added 2013/08/07 1:55 a.m.99 views

CVE-2013-1704

Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the ...

9.3CVSS7.7AI score0.04703EPSS
CVE
CVE
added 2013/09/18 10:8 a.m.99 views

CVE-2013-1721

Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site.

9.3CVSS7.6AI score0.00638EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.99 views

CVE-2014-1500

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (resource consumption and application hang) via onbeforeunload events that trigger background JavaScript execution.

5CVSS9AI score0.02256EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.99 views

CVE-2014-1511

Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.

9.8CVSS9AI score0.75961EPSS
CVE
CVE
added 2007/02/26 7:28 p.m.98 views

CVE-2007-0995

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.

4.3CVSS6.1AI score0.01498EPSS
CVE
CVE
added 2012/04/25 10:10 a.m.98 views

CVE-2012-0474

Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via ...

4.3CVSS7.3AI score0.00685EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.98 views

CVE-2012-1938

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) m...

9.3CVSS9.9AI score0.01248EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.98 views

CVE-2012-1945

Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME ele...

2.9CVSS8.4AI score0.00192EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.98 views

CVE-2012-1961

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attack...

4.3CVSS9.1AI score0.01172EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.98 views

CVE-2012-3967

The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remo...

9.3CVSS9.3AI score0.00593EPSS
CVE
CVE
added 2012/11/21 12:55 p.m.98 views

CVE-2012-4213

Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.

9.3CVSS8.8AI score0.02868EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.98 views

CVE-2013-0762

Use-after-free vulnerability in the imgRequest::OnStopFrame function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allows remote attackers to ex...

9.3CVSS9.6AI score0.02669EPSS
CVE
CVE
added 2015/01/14 11:59 a.m.98 views

CVE-2014-8640

The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in the Web Audio API implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly restrict timeline operations, which allows remote attackers to cause a denial of service (uninitialized-memory read and a...

5CVSS8.7AI score0.0114EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.97 views

CVE-2009-3373

Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.

10CVSS7.6AI score0.13491EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.97 views

CVE-2011-0070

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execut...

10CVSS9.9AI score0.02941EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.97 views

CVE-2011-0077

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.03127EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.97 views

CVE-2011-0078

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.03127EPSS
CVE
CVE
added 2012/06/05 11:55 p.m.97 views

CVE-2012-1944

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...

4.3CVSS8AI score0.00696EPSS
CVE
CVE
added 2012/07/18 10:26 a.m.97 views

CVE-2012-1957

An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote ...

4.3CVSS8.4AI score0.00998EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.97 views

CVE-2012-1973

Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial ...

10CVSS9.4AI score0.04246EPSS
CVE
CVE
added 2013/01/13 8:55 p.m.97 views

CVE-2013-0769

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote attackers to cause a denia...

9.3CVSS9.9AI score0.01145EPSS
CVE
CVE
added 2013/02/19 11:55 p.m.97 views

CVE-2013-0778

The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.

9.3CVSS7.6AI score0.01558EPSS
CVE
CVE
added 2006/11/08 9:7 p.m.96 views

CVE-2006-5462

Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatur...

6.4CVSS5.6AI score0.12793EPSS
CVE
CVE
added 2007/02/26 7:28 p.m.96 views

CVE-2007-0775

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.

3.7CVSS7.6AI score0.20376EPSS
CVE
CVE
added 2007/02/16 1:28 a.m.96 views

CVE-2007-0981

Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to ...

7.5CVSS6.3AI score0.17452EPSS
CVE
CVE
added 2008/06/19 9:41 p.m.96 views

CVE-2008-2785

Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird before 2.0.0.16, and SeaMonkey before 1.1.11 use an incorrect integer data type as a CSS object reference counter in the CSSValue array (aka nsCSSValue:Array) data structure, which allows remote attackers to execute arbitrary code vi...

9.3CVSS9.2AI score0.0952EPSS
CVE
CVE
added 2009/10/29 2:30 p.m.96 views

CVE-2009-3372

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.

9.3CVSS7.2AI score0.01985EPSS
CVE
CVE
added 2010/02/22 1:0 p.m.96 views

CVE-2009-3988

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via crafted dialogArg...

5CVSS8.5AI score0.0021EPSS
CVE
CVE
added 2010/04/05 5:30 p.m.96 views

CVE-2010-0181

Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey before 2.0.4, executes a mail application in situations where an IMG element has a SRC attribute that is a redirect to a mailto: URL, which allows remote attackers to cause a denial of service (excessive application launches) via an...

4.3CVSS9AI score0.0264EPSS
CVE
CVE
added 2010/06/24 12:30 p.m.96 views

CVE-2010-1197

Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) ...

4.3CVSS8.4AI score0.00998EPSS
CVE
CVE
added 2011/03/02 8:0 p.m.96 views

CVE-2011-0053

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code...

10CVSS10AI score0.02496EPSS
CVE
CVE
added 2011/05/07 6:55 p.m.96 views

CVE-2011-0074

Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...

10CVSS10AI score0.03127EPSS
CVE
CVE
added 2013/04/03 11:56 a.m.96 views

CVE-2013-0792

Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a gra...

4.3CVSS6.2AI score0.00935EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.96 views

CVE-2013-6673

Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 do not recognize a user's removal of trust from an EV X.509 certificate, which makes it easier for man-in-the-middle attackers to spoof SSL servers in opportunistic circumstances via a vali...

5.9CVSS6.9AI score0.00545EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.96 views

CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart...

2.6CVSS8.1AI score0.00606EPSS
CVE
CVE
added 2014/12/11 11:59 a.m.96 views

CVE-2014-1591

Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in CSP violation reports, which allows remote attackers to obtain sensitive information via a web site that receives a report after a redirect.

4.3CVSS8.8AI score0.00272EPSS
CVE
CVE
added 2015/01/14 11:59 a.m.96 views

CVE-2014-8637

Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly initialize memory for BMP images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers the rendering of malformed BMP data within a CANVAS element.

5CVSS8.7AI score0.00489EPSS
CVE
CVE
added 2015/05/14 10:59 a.m.96 views

CVE-2015-0797

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v...

6.8CVSS8AI score0.07609EPSS
CVE
CVE
added 2006/04/14 10:2 a.m.95 views

CVE-2006-1730

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

9.3CVSS7.6AI score0.26483EPSS
CVE
CVE
added 2006/11/08 9:7 p.m.95 views

CVE-2006-5464

Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.

5CVSS6.4AI score0.22092EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.95 views

CVE-2008-5014

jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by modifying the window.proto .proto object in a way that ca...

10CVSS9.9AI score0.25205EPSS
CVE
CVE
added 2008/11/13 11:30 a.m.95 views

CVE-2008-5018

The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via vectors related to "insufficient class checking" in the Date class.

10CVSS9.2AI score0.20193EPSS
CVE
CVE
added 2011/08/18 6:55 p.m.95 views

CVE-2011-2986

Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products, when the Direct2D (aka D2D) API is used on Windows, allows remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data i...

5CVSS9.2AI score0.00379EPSS
CVE
CVE
added 2012/08/29 10:56 a.m.95 views

CVE-2012-3976

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and SeaMonkey before 2.12 do not properly handle onLocationChange events during navigation between different https sites, which allows remote attackers to spoof the X.509 certificate information in the address bar via a crafted web page.

4.3CVSS8.6AI score0.00776EPSS
CVE
CVE
added 2007/02/26 7:28 p.m.94 views

CVE-2007-0777

The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.

9.3CVSS7.3AI score0.41894EPSS
CVE
CVE
added 2010/04/28 10:30 p.m.94 views

CVE-2010-1585

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote ...

9.3CVSS9.3AI score0.00879EPSS
Total number of security vulnerabilities704